b"TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION\n\n\n\n\n                    The Electronic Fraud Detection System\n                   Redesign Failure Resulted in Fraudulent\n                   Returns and Refunds Not Being Identified\n\n\n\n                                          August 9, 2006\n\n                              Reference Number: 2006-20-108\n\n\n\n\n This report has cleared the Treasury Inspector General for Tax Administration disclosure review process\n  and information determined to be restricted from public release has been redacted from this document.\n\n Redaction Legend:\n 1 = Tax Return/Return Information\n 3(a) = Identifying Information - Name of an Individual or Individuals\n 3(d) = Identifying Information - Other Identifying Information of an Individual or Individuals\n\n\n Phone Number | 202-927-7037\n Email Address | Bonnie.Heald@tigta.treas.gov\n Web Site      | http://www.tigta.gov\n\x0c                                                  DEPARTMENT OF THE TREASURY\n                                                        WASHINGTON, D.C. 20220\n\n\n\n\nTREASURY INSPECTOR GENERAL\n  FOR TAX ADMINISTRATION\n\n\n\n\n                                                  August 9, 2006\n\n\n MEMORANDUM FOR ACTING CHIEF INFORMATION OFFICER\n\n FROM:                         Michael R. Phillips\n                               Deputy Inspector General for Audit\n\n SUBJECT:                      Final Audit Report \xe2\x80\x93 The Electronic Fraud Detection System Redesign\n                               Failure Resulted in Fraudulent Returns and Refunds Not Being\n                               Identified (Audit # 200620009)\n\n This report presents the results of our review to determine whether the Internal Revenue Service\n (IRS) effectively managed annual programming changes and requested modifications to the\n Electronic Fraud Detection System (EFDS) prior to Processing Year1 (PY) 2006.\n\n Synopsis\n The EFDS is the primary information system used to support the Criminal Investigation (CI)\n Division\xe2\x80\x99s Questionable Refund Program, a nationwide program established to detect and stop\n fraudulent claims for refunds on income tax returns. In PY 2005, the CI Division stopped\n $412.2 million in fraudulent refunds. In 2001, a contractor was hired to assist the IRS with\n EFDS operations, maintenance, and enhancements. As of April 24, 2006, over $37 million had\n been paid to the contractor for this work, including $18.5 million for system development efforts.\n Two other contractors were paid approximately $2 million for system development work,\n bringing the total EFDS system development cost to $20.5 million.2 The January 31, 2006,\n Business Case shows the EFDS total costs from August 1994 through September 2005 were\n $185.9 million.\n In 2002, the IRS initiated an effort to redesign the EFDS to improve system performance,\n reliability, and availability. The redesigned EFDS web-based application3 (Web EFDS) was to\n\n 1\n   See Appendix VI for a Glossary of Terms.\n 2\n   The $18.5 million and $20.5 million are based on our analysis of the total costs obtained from the EFDS Project\n Office and the IRS web-based requisition tracking system.\n 3\n   The system development effort will allow users to access the System via the IRS Intranet.\n\x0c                 The Electronic Fraud Detection System Redesign Failure Resulted\n                      in Fraudulent Returns and Refunds Not Being Identified\n\n\n\nbe implemented in January 2005. Due to system development problems, the implementation\ndate was delayed until January 2006. However, the implementation date was not met. On\nApril 19, 2006, all system development activities for the Web EFDS were stopped, and all efforts\nwere focused on restoring the old EFDS for use in January 2007. Therefore, the IRS has been\nand will be unable to use the EFDS to prevent fraudulent refunds during PY 2006. The IRS\nreported that, due to other leads,4 $93.9 million5 in fraudulent refunds had been stopped as of\nMay 19, 2006, without the EFDS being operational.\nThe lack of adequate executive oversight and monitoring of the Web EFDS project contributed\nto the EFDS not being implemented for PY 2006. From June 2002 until July 2003, an EFDS\nExecutive Steering Committee held periodic meetings to review the project\xe2\x80\x99s activities. After\nJuly 2003, executive oversight for the project was provided by Business Systems Development\n(BSD) office executives who also have responsibility for managing the maintenance and\ndevelopment work for over 325 IRS systems. The IRS is considering expanding the Senior\nManagement Dashboard Review of projects to include nonmodernization projects such as the\nEFDS. The IRS also established an Enterprise Services office in the Modernization and\nInformation Technology Services organization to consolidate common enterprise programs.\nIn the Business Case required by the Office of Management and Budget, the EFDS is presented\nas a Steady State project although the Business Case describes ongoing operations and\nmaintenance activities, development of the web-based application, and redesign of the database.\nThe Business Case also contains several conflicting statements describing the status of the\nproject and the related system development efforts. Based on IRS guidelines, the EFDS should\nbe categorized as a Development/Modernization/Enhancement project and be governed by an\nExecutive Steering Committee that includes executives from outside the BSD organization.\nAlthough the Business Case was reviewed by the IRS, the Department of the Treasury, and the\nOffice of Management and Budget, none of the reviewers questioned the categorization of the\nproject or the conflicting statements.\nBecause the EFDS was classified as a Steady State project, an initial cost estimate for the Web\nEFDS development was not prepared. Therefore, management did not monitor for and we\ncannot determine whether there were cost overruns. However, the Web EFDS was initially\nscheduled to be implemented in January 2005, and funds continued to be added to the project to\npay the contractors for their system development efforts.\nProject documentation indicates the Web EFDS project followed the Enterprise Life Cycle-Lite\nsystem development methodology and the status of the project was monitored through project\nteam and contractor discussions, status reports, and reviews of the work breakdown structure.\n\n\n4\n  The EFDS is the primary source for the identification of leads on fraudulently filed tax returns; however, leads are\nalso received from sources internal to and external from the IRS.\n5\n  This amount was derived from a manual process provided by the Fraud Detection Centers on a weekly report; it\nhas not been verified and could contain inconsistencies/inaccuracies due to the manual process.\n                                                                                                                     2\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\nAlthough numerous indications of potential risks and problems were raised throughout the\nproject, effective corrective actions were not taken. Also, three key project management\ndocuments were not maintained properly or created timely.\nDuring development of the Web EFDS, there were numerous changes in project management\nand executives responsible for overseeing the project. Frequent changes in leadership can affect\nthe project continuity and direction and may indicate other problems with the project. There was\nalso excessive turnover of contractor employees working on the project, partially due to mergers\nof the contractor firms. The combination of the assignment of new employees who need to\nbecome familiar with a project and the loss of highly skilled employees can jeopardize\ninformation technology projects and result in less than full performance.\nBecause the Web EFDS was not implemented as scheduled in 2005 and 2006, and there are no\ncurrent plans to continue development of the Web EFDS, we estimate the IRS inefficiently used\nresources totaling $20.5 million from May 25, 2001, to April 24, 2006, for the contractor costs\nassociated with development of the Web EFDS. An undeterminable amount of internal staffing\ncosts were also incurred in trying to test the new System and monitor the primary contractor\xe2\x80\x99s\nactivities.\nWe reviewed six work requests written against the EFDS task order and determined they\nincluded deliverables written in general terms with no specific due dates. Because of the\ncontract type used to procure contractor assistance, the contractor continues to be paid for system\ndevelopment work while a critical system used to stop fraudulent tax returns and refunds was not\noperational during PY 2006. In addition, the Federal Government\xe2\x80\x99s interest has not been\nprotected, and the contractor cannot be held accountable for not meeting deliverable due dates.\nWhile the contract vehicle used to obtain contractor services is very important, the effectiveness\nof the Contracting Officer\xe2\x80\x99s Technical Representative (COTR) in monitoring the contractor\xe2\x80\x99s\nperformance is also crucial in assuring successful contract administration. ****3(d)****\n\n\n\n\n                                                  .\nIRS management advised us that, during a meeting between IRS and contractor executives, a\nContractor Senior Director commented the old EFDS would be updated and implemented at no\ncost to the Federal Government because the contractor did not deliver the Web EFDS as\nscheduled. However, the contractor submitted charges totaling $459,718 for the additional work\n                                                                                                     3\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\nto get the old EFDS ready for implementation, and these charges were paid by the IRS. The\nEFDS Project Manager advised us the invoices were paid without question because all invoices\nfor the contract type that was used must be paid in full. The contractor had stated only verbally it\nwould not charge the IRS for updating the old EFDS for use in 2005, and the matter was not\nraised with the contractor. Therefore, these costs are considered questioned costs because the\ncontractor did not deliver a Web EFDS that worked.\nThe EFDS Project Executive advised us a decision would be made in the future about whether to\ncontinue the Web EFDS development efforts and what contracting approach should be used.\nThe IRS has established a Questionable Refund Program Executive Steering Committee to\nreview and approve changes to the Program, but due dates regarding any Program change\ndecisions have not been determined.\nBy using cost-reimbursement contracts, ineffectively monitoring contractor performance, and not\nquestioning contractor invoice charges for updating the old EFDS, the IRS did not ensure the\nFederal Government\xe2\x80\x99s interests were protected and the Web EFDS was implemented timely to\nidentify and stop fraudulent tax returns and refunds.\n\nRecommendations\nWe recommended the Chief Information Officer ensure the EFDS project is assigned to an\nExecutive Steering Committee for executive oversight; the Business Case and the information\ntechnology investment portfolio are revised to categorize the EFDS project properly and include\naccurate and consistent information; project risks are identified and addressed properly; the\nproper system development life cycle methodology is implemented for EFDS development;\nother projects being managed in the new Applications Development organization are assigned to\nthe appropriate oversight process; and high-risk projects, like the EFDS, are included in the\nSenior Management Dashboard Review process. We also recommended the Chief Information\nOfficer ensure contractors are held accountable for performance; COTRs are trained adequately\nand perform their duties properly; discussions are initiated with the Director, Procurement, and\nthe contractor to recover the funds paid to the contractor to restore the old EFDS for PY 2005\nand any additional costs resulting from nondelivery of a functional Web EFDS; and additional\nwork on the Web EFDS is deferred until the IRS decides who will perform the EFDS work.\n\nResponse\nIRS management agreed with all of the recommendations and has begun to implement corrective\nactions, such as placing the EFDS project under the governance of the Taxpayer Relationship\nManagement Executive Steering Committee on May 31, 2006, and identifying, documenting,\nand discussing EFDS risks, issues, and mitigation strategies at the appropriate oversight\ncommittees.\n\n                                                                                                  4\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\nIRS management also plans to implement several corrective actions, including identifying\nhigh-risk projects in the Applications Development organization and assigning them to the\nappropriate oversight process. The IRS stated it is revising the Business Cases to categorize the\nrestoration of the old EFDS for 2007 as a Steady State project. The categorization proposal will\nbe sent to the Department of the Treasury Office of the Chief Information Officer for\nconcurrence and to ensure accuracy and consistency of the information. In June 2006, the IRS\nbegan discussions of tailoring the Enterprise Life Cycle methodology for the project restoring the\nold EFDS. In addition, the IRS is negotiating the contract for the EFDS restoration, anticipating\nthat it will be a cost-plus-fixed-fee contract with a percentage of the contractor\xe2\x80\x99s fees dependent\nupon timely delivery of specified milestones. In Fiscal Year 2007, the appropriate project office\nmanagement staff will have a commitment to ensure all COTRs are trained adequately and their\nduties are performed properly to monitor the contractors\xe2\x80\x99 performance effectively. In May 2006,\nthe IRS initiated discussions with the contractor regarding cost-sharing for the contract to restore\nthe old EFDS for PY 2007. An IRS-wide initiative for the Questionable Refund Program has\nstarted, and a high-level strategy will be completed by December 31, 2006. Any further\ndevelopment of the Web EFDS will include requirements identified from this initiative, and any\nnew development work will be opened to competition. Management\xe2\x80\x99s complete response to the\ndraft report is included as Appendix VIII.\nCopies of this report are also being sent to the IRS managers affected by the report\nrecommendations. Please contact me at (202) 622-6510 if you have questions or\nMargaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs), at\n(202) 622-8510.\n\n\n\n\n                                                                                                  5\n\x0c                    The Electronic Fraud Detection System Redesign Failure Resulted\n                         in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                              Table of Contents\n\nBackground ..........................................................................................................Page 1\n\nResults of Review ...............................................................................................Page 4\n          The Electronic Fraud Detection System Did Not Have Adequate\n          Executive Oversight......................................................................................Page 4\n                    Recommendations 1 and 2: ..............................................Page 8\n\n                    Recommendation 3:........................................................Page 9\n\n          The Electronic Fraud Detection System Risks Were Not Effectively\n          Managed........................................................................................................Page 9\n                    Recommendations 4 and 5: ..............................................Page 18\n\n          Contractor 1\xe2\x80\x99s Performance Was Not Effectively Monitored, and\n          Performance-Based Contracts Were Not Used.............................................Page 18\n                    Recommendation 6:........................................................Page 21\n\n                    Recommendations 7 through 9:.........................................Page 22\n\n\nAppendices\n          Appendix I \xe2\x80\x93 Detailed Objective, Scope, and Methodology ........................Page 23\n          Appendix II \xe2\x80\x93 Major Contributors to This Report ........................................Page 26\n          Appendix III \xe2\x80\x93 Report Distribution List .......................................................Page 27\n          Appendix IV \xe2\x80\x93 Outcome Measures...............................................................Page 28\n          Appendix V \xe2\x80\x93 Chronology of the Electronic Fraud Detection System\n          Development Events - January 1, 1995, Through April 19, 2006 ................Page 31\n          Appendix VI \xe2\x80\x93 Glossary of Terms................................................................Page 36\n          Appendix VII \xe2\x80\x93 Electronic Fraud Detection System Management\n          Turnover........................................................................................................Page 43\n          Appendix VIII \xe2\x80\x93 Management\xe2\x80\x99s Response to the Draft Report ...................Page 45\n\x0c                  The Electronic Fraud Detection System Redesign Failure Resulted\n                       in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                              Background\n\n The Modernization and Information Technology Services (MITS) organization is responsible for\n providing information technology support and services for the Internal Revenue Service (IRS)\n by building and maintaining information systems that will help the IRS achieve its mission,\n objectives, and business vision. The MITS Strategic Plan for Fiscal Years (FY) 2005 \xe2\x80\x93 2006\n supports the IRS\xe2\x80\x99 objective of discouraging and deterring noncompliance with the tax laws by\n delivering modernized information systems.\n The Criminal Investigation (CI) Division\xe2\x80\x99s Questionable Refund Program is a nationwide\n program established to detect and stop fraudulent claims for refunds on income tax returns. The\n Electronic Fraud Detection System (EFDS) is the primary information system used to support\n the Questionable Refund Program and is currently maintained by the MITS Applications\n Development organization.1 Figure 1 shows the number of fraudulent refund returns and refunds\n identified and stopped over the last 4 years.\n      Figure 1: Fraudulent Refund Returns and Refunds Identified and Stopped*\n Processing       Total         Refund        Returns        False        False      False Refunds     False Refunds\n   Year2         Returns        Returns       Screened      Refund       Refund        Identified        Stopped3\n                  Filed          Filed        by Fraud      Returns      Returns\n                                              Detection    Identified    Stopped\n                                               Centers\n     2002      130,341,159    104,367,859     1,942,089      81,486       41,358      $450,023,509       $333,541,138\n     2003      130,134,276    104,904,543      740,216       96,953       73,400      $349,515,144       $266,423,786\n     2004      130,459,600    106,420,200      463,222      118,075       82,099    $2,241,612,551     $2,110,454,658\n     2005      133,933,000    100,276,000      511,805      132,945      103,537      $515,548,186       $412,184,202\nSource: The CI Division.\n * The EFDS is the primary source for the identification of leads on fraudulently filed tax returns; however, leads are\n also received from sources internal to and external from the IRS. The IRS reports that, due to other leads,\n $93.9 million in fraudulent refunds had been stopped as of May 19, 2006, without the EFDS being operational. This\n amount was derived from a manual process provided by the Fraud Detection Centers on a weekly report; it has not\n been verified and could contain inconsistencies/inaccuracies due to the manual process.\n\n\n\n 1\n   The MITS organization recently combined the former Business Systems Development and Business Systems\n Modernization organizations to create one Applications Development organization. As of March 2006, executive\n management had been realigned into the new organization structure.\n 2\n   See Appendix VI for a Glossary of Terms.\n 3\n   ****1****\n                                                                                                              Page 1\n\x0c                 The Electronic Fraud Detection System Redesign Failure Resulted\n                      in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nIn 2001, a contractor (Contractor 1) was hired to assist the IRS with EFDS operations,\nmaintenance, and enhancements. As of April 24, 2006, over $37 million had been paid to the\ncontractor for this work, including $18.5 million for new system development efforts. In 2002,\nthe IRS initiated an effort to redesign the EFDS to improve system performance, reliability, and\navailability; the initial plan shows the redesigned EFDS web-based application (Web EFDS) was\nto be implemented in January 2005. However, due to system development problems, the\nimplementation date was delayed until January 2006.\nThe IRS also hired two additional contractors to assist Contractor 1 with development of the\nWeb EFDS. Contracts 1 and 2 are cost-reimbursement contracts. Contract 3 is a\ntime-and-materials contract. The responsibilities of Contractors 2 and 3 included the following:\n    \xe2\x80\xa2   Contractor 2 is responsible for determining the effectiveness of and maintaining\n        data-mining techniques and is paid its costs plus a fixed fee. As of April 24, 2006, this\n        contractor had been paid $1,005,546 for work on the Web EFDS.\n    \xe2\x80\xa2   Contractor 3 is responsible for consulting services on database-related issues and is paid\n        based on the number of hours of consulting services provided. As of April 24, 2006, this\n        contractor had been paid $1,002,859 for work on the Web EFDS.\nTherefore, the total development cost for the Web EFDS as of April 24, 2006, was\n$20.5 million.4 Our review primarily focused on Contractor 1 because it was ultimately\nresponsible for delivering a fully operational Web EFDS.\nOn February 21, 2006, the IRS Deputy Commissioner for Services and Enforcement advised us\nthe EFDS would probably not be available during Processing Year (PY) 2006, due to continued\nsystem development problems, and a recovery program to identify\nfraudulently issued refunds would not be run. The IRS              The IRS has been and will\nestablished a Questionable Refund Program Executive Steering      be unable to use the EFDS\nCommittee to review and approve changes to the Program, but the    during PY 2006 to prevent\ndue dates regarding any Questionable Refund Program change          fraudulent refunds, after\n                                                                   spending $20.5 million on\ndecisions have not been determined. On April 19, 2006, all\n                                                                   new system development\nsystem development activities for the Web EFDS were stopped,                efforts.\nand all efforts were focused on restoring the old EFDS for use in\nJanuary 2007. Therefore, the IRS has been and will be unable to\nuse the EFDS to prevent fraudulent refunds during PY 2006. A complete chronology of EFDS\nactivities is included in Appendix V.\nWe initiated this audit at the request of the House Ways and Means Subcommittee on Oversight.\nThe Subcommittee was interested in:\n\n\n4\n The $18.5 million and $20.5 million are based on our analysis of the total costs obtained from the EFDS Project\nOffice and the IRS web-based requisition tracking system.\n                                                                                                           Page 2\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n   \xe2\x80\xa2   What were the EFDS problems and have they been fixed?\n   \xe2\x80\xa2   How much money did the Federal Government lose as a result of the EFDS not working\n       properly and allowing the issuance of fraudulent refunds?\n   \xe2\x80\xa2   Does the IRS plan to review those refunds that were not evaluated by the EFDS because\n       the System was not implemented?\nThis audit report will address the first question. The remaining two questions will be addressed\nby an audit conducted by the Treasury Inspector General for Tax Administration (TIGTA)\nHeadquarters Operations and Exempt Organizations Programs business unit (Audit\nNumber 200610003), which will determine the effectiveness of the IRS\xe2\x80\x99 procedures for detecting\nfraudulent and potentially fraudulent refund returns (including inventory controls) and the timely\nand proper hold and release of refunds. The TIGTA Information Systems Programs business\nunit has initiated a separate audit (Audit Number 200620040) to assess the EFDS application and\ninfrastructure security certification and accreditation process.\nThis review was performed at the MITS organization offices in Memphis, Tennessee;\nNew Carrollton, Maryland; and Washington, D.C., during the period February through\nMay 2006. The audit was conducted in accordance with Government Auditing Standards. Our\naudit work was delayed because IRS personnel deferred responses to our requests for interviews,\ndocumentation, and project status briefings citing other priorities with the Web EFDS\ndevelopment activities. In addition, due to the lack of documentation of key meetings and\ndecisions, much of the information in the report is based on emails provided to us and on the\nrecollections of the employees we interviewed. Detailed information on our audit objective,\nscope, and methodology is presented in Appendix I. Major contributors to the report are listed in\nAppendix II.\n\n\n\n\n                                                                                           Page 3\n\x0c                 The Electronic Fraud Detection System Redesign Failure Resulted\n                      in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                       Results of Review\n\nThe Electronic Fraud Detection System Did Not Have Adequate\nExecutive Oversight\nThe Clinger-Cohen Act of 19965 requires agencies to use a disciplined Capital Planning and\nInvestment Control process to acquire, use, maintain, and dispose of information technology\nassets. Office of Management and Budget (OMB) Circular A-11, Preparation, Execution, and\nSubmission of the Budget, dated June 2005, requires each agency to include with its annual\nbudget submission to the OMB an information technology investment portfolio, commonly\nreferred to as an Exhibit 53, containing the information technology investment title, description,\namount, and funding source. Twice each year, the OMB requires agencies to submit an OMB\nCircular A-11 Exhibit 300, Capital Asset Plan and Business Case, for each major information\ntechnology investment. IRS guidelines require the Business Case to be updated quarterly. These\ndocuments are essentially Business Cases used by agencies to request funds, monitor the\nprogress of projects, and improve management decision making over expensive information\ntechnology investments. Depending on the type of activities occurring in a project, the project is\ncategorized as a Development/Modernization/Enhancement or Steady State investment.6\nUntil November 2004, IRS information technology projects were classified for investment\ndecision purposes as either Tier A, B, or C, as defined below.\n    \xe2\x80\xa2    Tier A \xe2\x80\x93 Technical Modernization Projects \xe2\x80\x93 Resources devoted to Information\n         Technology Investment Account-funded projects and managed by the IRS Business\n         Systems Modernization Office. Project scale is large, with a 2-year to 3-year time period.\n    \xe2\x80\xa2    Tier B \xe2\x80\x93 Improvement Projects \xe2\x80\x93 Resources devoted to new improvements of medium\n         size (1-year to 2-year time period) and funded from the improvement programs budget.\n    \xe2\x80\xa2    Tier C \xe2\x80\x93 Enhancements/Stay-In-Business Projects \xe2\x80\x93 Resources devoted to all other types\n         of projects (e.g., sustaining operations, legislative changes, and small enhancements to\n         sustaining operations) funded from the regular sustaining operations budget.\n\n\n\n5\n  Pub. L. No. 104-106, 110 Stat. 642 (codified in scattered sections of 5 U.S.C., 5 U.S.C. app., 10 U.S.C., 15 U.S.C.,\n16 U.S.C., 18 U.S.C., 22 U.S.C., 28 U.S.C., 29 U.S.C., 31 U.S.C., 38 U.S.C., 40 U.S.C., 41 U.S.C., 42 U.S.C.,\n44 U.S.C., 49 U.S.C., 50 U.S.C.).\n6\n  The Development/Modernization/Enhancement and Steady State investment types are broken down into the\nsubinvestment types Major, Non-Major, and Small-Other.\n                                                                                                              Page 4\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nIn November 2004, the IRS changed the project classification process to be more consistent with\nOMB Circular A-11 guidance that categorizes investments as either Development/\nModernization/Enhancement or Steady State.\nThe IRS\xe2\x80\x99 Capital Planning and Investment Control process for managing information technology\nprojects established an executive governance process for monitoring projects. The process\nincluded the MITS Enterprise Governance Committee, MITS Enterprise Governance Committee\nInvestment Management Subcommittee, and Executive Steering Committees responsible for\nspecific projects. Major projects with costs of over $5 million per year or more than $50 million\nin total life cycle costs are to be governed by the executive governance process. Formal agendas,\npresentations, and meeting minutes (including documentation of key decisions and assignments)\nshould be prepared for each Executive Steering Committee meeting.\n\nThe lack of continuous Executive Steering Committee oversight and inadequate\ndocumentation of key decisions increases the risks that responsible parties are\nnot held accountable and actions are not implemented\nThe EFDS project was initially considered a Tier C project; it was later reclassified as a Steady\nState project. From June 2002 until July 2003, an EFDS Executive Steering Committee held\nperiodic meetings to review the project\xe2\x80\x99s activities. However, the EFDS Executive Steering\nCommittee stopped meeting at about the time the IRS decided to redesign the EFDS into the\nWeb EFDS. After July 2003, executive oversight for the project was provided by the Business\nSystems Development (BSD) organization executives who also have responsibility for managing\nthe maintenance and development work for over 325 IRS\nsystems.                                                            The EFDS project was\n                                                                  incorrectly categorized as a\nAs of April 30, 2006, the Web EFDS project did not have           Steady State initiative after\nan Executive Steering Committee to provide executive            completion of a reengineering\noversight as required by the Capital Planning and              study and the awarding of a task\nInvestment Control process, although we were advised by        order for software maintenance\n                                                                   and development totaling\nthe EFDS Project Executive that the IRS is going to               $39 million. The lack of an\nreestablish an EFDS Executive Steering Committee.               executive governance process\nOn April 24, 2006, the Applications Development                contributed to the inefficient use\norganization briefed us on the status of a review of the        of system development funds\nBusiness Systems Modernization program conducted by a             and fraudulent refunds not\n                                                                        being stopped.\ncontractor. One of the processes considered to be working\neffectively is the Senior Management Dashboard Review\nof projects, and the IRS is considering expanding this review process to include\nnonmodernization projects such as the EFDS. The IRS also established an Enterprise Services\noffice in the MITS organization to consolidate common enterprise programs.\nWhile executive oversight of the project was lacking, there was also very limited documentation\n(mostly in the form of emails) of the discussions and decisions made when the IRS determined\n\n                                                                                            Page 5\n\x0c                    The Electronic Fraud Detection System Redesign Failure Resulted\n                         in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nContractor 1 could not deliver the Web EFDS in 2005. For example, BSD organization\nmanagement stated that Contractor 1 agreed not to charge the IRS for the cost of updating and\nimplementing the old EFDS, which had been shut down in early December 2005. However, no\none could provide documentation showing when the agreement was made and who was present.\nIf this situation had been documented and elevated to the appropriate executives, action could\nhave been taken to ensure the contractor was held to the agreement. If the IRS determined the\nagreement was not legally binding, BSD organization management, at a minimum, would have\nknown to expect the charges.\nIt is important to document key events and decisions so employee and contractor accountability\nis established and follow-up can be done to ensure actions are completed as expected. In\naddition, when new managers and staff are assigned to the project, documentation of key events\nand decisions will help them understand the history of the project, lessons learned from prior\nactivities, and responsibilities of contractors and employees. By expanding the Senior\nManagement Dashboard Review and establishing the Enterprise Services office, the IRS hopes\nto ensure the Web EFDS problems do not happen again.\n\nThe management review process over the information technology investment\nportfolio and Business Case did not resolve conflicting statements regarding the\nEFDS status\nThe IRS prepared an information technology investment portfolio and Business Case for the\nEFDS project. The information technology investment portfolio for FYs 2005 and 2006 shows\nthe project cost $12.6 million, with $12 million (95 percent) assigned to the Steady State\ncategory and $0.6 million (5 percent) assigned to the Development/Modernization/Enhancement\ncategory. However, significantly more funds have been spent on system development activities.\nThe most current Business Case, dated January 31, 2006, shows the EFDS total costs from\nAugust 1994 through September 2005 were $185.9 million. The EFDS is presented as a Steady\nState project, although the Business Case describes ongoing operations and maintenance\nactivities, development of the web-based application, and redesign of the database. The Business\nCase also contains several conflicting statements7 describing the project and the system\ndevelopment status:\n       \xe2\x80\xa2   Part I.A. (Investment Description) has the following conflicting project descriptions:\n                o The EFDS is a mission critical, web-based automated system designed to\n                  maximize fraud detection at the time that tax returns are filed to eliminate the\n                  issuing of questionable refunds.\n                o The EFDS is currently a client server-based application used by authorized\n                  Criminal Investigation Division employees.\n\n7\n    The bolded words in the italicized direct quotes show the conflicting information.\n                                                                                                Page 6\n\x0c               The Electronic Fraud Detection System Redesign Failure Resulted\n                    in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n            o The EFDS will migrate to a web-based system for PY 2006.\n            o The EFDS is a Tier C operational system/maintenance project in the IRS\n              As-built Architecture. Tier C projects are maintenance projects for existing\n              systems that are critical to sustaining operations, including making the changes\n              required by new tax laws or system improvements that do not significantly change\n              functionality, but improve the process.\n    \xe2\x80\xa2   Part I.E. (Alternative Analysis) and Part I.G. (Acquisition Strategy for existing\n        contract(s) system development), respectively, have the following conflicting statements\n        about the EFDS development status:\n            o The EFDS is a Steady State system that is not currently scheduled to be\n              replaced. The most recent operational analysis of the EFDS was completed on\n              April 15, 2005. Based on our customer (Criminal Investigation Division) survey\n              . . . there is no indication that the EFDS requires major enhancement or\n              replacement at this time.\n            o The current task orders enable the contractors to research and provide solutions\n              for the EFDS, including researching best practices; and defining, developing, and\n              implementing a reengineered EFDS application and database. Specific tasks\n              include database architecture design, production support, startup/migration\n              activities, loads and application reengineering in the business data model.\nBased on information in the Business Case and the cost of the system, the EFDS should have\nbeen placed in two different categories. The original System should have been shown in the\nSteady State category, and the new Web EFDS development project should have been shown in\nthe Development/Modernization/Enhancement category. Therefore, based on IRS guidelines,\nthe EFDS should be categorized as a Development/Modernization/Enhancement project and be\ngoverned by an Executive Steering Committee that includes executives from outside the BSD\norganization.\nThe inaccuracy of IRS Business Cases was also the subject of a prior TIGTA audit report.8 In\nresponding to the audit report, the IRS agreed to take several actions to improve the accuracy of\nthe Business Cases, including designating project managers as the individuals accountable for all\ndata contained in their operational and developmental Business Cases and providing training and\nguidance documents as appropriate. However, management\xe2\x80\x99s actions did not result in the EFDS\nBusiness Case containing accurate and consistent information.\n\n\n\n\n8\n Business Cases for Information Technology Projects Need Improvement (Reference Number 2005-20-074,\ndated April 2005).\n                                                                                                      Page 7\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nAlthough the Business Case was also reviewed by the IRS, the Department of the Treasury, and\nthe OMB, none of the reviewers questioned the categorization of the project or the conflicting\nstatements.\nThe lack of adequate executive oversight and monitoring of the Web EFDS project contributed\nto the EFDS not being implemented for PY 2006 and the System not being used to identify and\nstop fraudulent tax returns and refunds. During PY 2005, $412.2 million in fraudulent refunds\nwere stopped. The IRS reported that, due to other leads, $93.9 million in fraudulent refunds had\nbeen stopped as of May 19, 2006, without the EFDS being operational. Based on the value of\nfraudulent refunds stopped in PYs 2005 and 2006 (through May 19, 2006), we estimate\napproximately $318.3 million in fraudulent refunds may have been issued in 2006, resulting in\nlost revenue to the Federal Government (see Appendix IV).\n\nRecommendations\nRecommendation 1: The Chief Information Officer (CIO) should ensure the EFDS project is\nassigned to an Executive Steering Committee for executive oversight, including documenting\nkey decisions and assignments.\n       Management\xe2\x80\x99s Response: IRS management agreed with this recommendation. The\n       EFDS was officially placed under the governance of the Taxpayer Relationship\n       Management Executive Steering Committee on May 31, 2006. The Executive Steering\n       Committee process and procedures include preparation of meeting agendas, minutes, and\n       other appropriate project documentation of key decisions and assignments.\nRecommendation 2: The CIO should evaluate other projects being managed in the new\nApplications Development organization and ensure all are assigned to the appropriate oversight\nprocess. High-risk projects, like the EFDS, should also be included in the Senior Management\nDashboard Review process.\n       Management\xe2\x80\x99s Response: IRS management agreed with this recommendation. The\n       Associate CIOs for Applications Development and Enterprise Services have begun initial\n       evaluations of other projects being managed in the new Applications Development\n       organization. In April 2006, Applications Development projects identified as high\n       risk/high impact were assigned to either the Senior Management Dashboard Review or\n       the Project Health Assessment Review process and to the appropriate governance\n       structure (e.g., Executive Steering Committee) for oversight. The first phase of\n       evaluation was to discuss and apply management judgment to ensure high-risk projects\n       identified to date were assigned to the appropriate oversight process. All projects will be\n       asked to complete the Health Check Questionnaire. Responses to the Questionnaire will\n       be assessed and corrective actions taken as needed on at-risk projects.\n\n\n\n                                                                                           Page 8\n\x0c                  The Electronic Fraud Detection System Redesign Failure Resulted\n                       in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nRecommendation 3: The CIO should ensure the Business Case and the information\ntechnology investment portfolio are revised to categorize the EFDS project properly and include\naccurate and consistent information.\n           Management\xe2\x80\x99s Response: IRS management agreed with this recommendation.\n           Work on the Web portal EFDS has stopped, and no determination has been made\n           concerning implementation of the System. The old EFDS application is being updated\n           and is planned to be in production in January 2007. Accordingly, the EFDS Business\n           Cases are being revised to categorize the restoration of the old EFDS as a Steady State\n           investment. The categorization proposal will be sent to the Department of the Treasury\n           Office of the CIO for concurrence and to ensure accuracy and consistency of the\n           information.\n\nThe Electronic Fraud Detection System Risks Were Not Effectively\nManaged\nDepartment of the Treasury Publication 84-019 states that general standardization of life cycle\nmanagement ensures systems are developed, acquired, evaluated, and operated efficiently, within\nprescribed budget and schedule constraints, and are responsive to mission requirements. A\nsoftware development life cycle methodology provides a structured and consistent approach to\ninformation technology project development. In 2001, 2003, and 2004, MITS organization\nmanagement issued memoranda directing the Enterprise Life Cycle-Lite (ELC-Lite) be used as\nthe required system development methodology for all nonmodernization projects. The ELC-Lite\naddresses the life cycle of project management and the phases and milestones of development,\nreview, and approval of project plans.\nThe Department of the Treasury Information Technology Manual and the IRS system\ndevelopment guidelines stipulate that, as part of the information system life cycle management\nprocess, project management should identify project risks early and manage them before they\nbecome problems. The risk management process encompasses the identification of risk issues,\nassessment of risk to define probability and impact, preparation and implementation of risk\nmitigation and risk contingency plans, and continuous monitoring of those actions to ensure\neffectiveness. Risk management is used to ensure critical areas of uncertainty are surfaced early\nenough to be addressed without adversely affecting cost, schedule, or performance.\nThe BSD organization\xe2\x80\x99s EFDS Project Office has responsibility for analyzing and coordinating\nnew or changed requirements with the business operating divisions and contractors supporting\nthe EFDS. The EFDS Project Office is also responsible for developing, maintaining, and\nenhancing computer programs that support the business requirements and improve the IRS\xe2\x80\x99\nefficiency in detecting potentially fraudulent returns.\n\n9\n    Information System Life Cycle Manual (dated March 2002).\n                                                                                             Page 9\n\x0c                 The Electronic Fraud Detection System Redesign Failure Resulted\n                      in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nThe IRS issued a task order to Contractor 1 for the period June 2000 through May 2006\nauthorizing approximately $39.5 million for EFDS software maintenance and development. As\nof April 2006, the IRS had paid Contractor 1 over $37 million, approximately $18.5 million10 of\nwhich was for Web EFDS development. The Web EFDS was initially scheduled for\nimplementation in January 2005. However, in October 2004, CI Division and BSD organization\nmanagement had doubts the System would be ready. On November 1, 2004, IRS executives\ndecided to use the old EFDS for PY 2005. During 2005, the contractor continued to promise the\nWeb EFDS would be delivered in January 2006, but it was not operational for PY 2006 because\nthe contractor, again, did not deliver a System that worked. For example, we were provided an\nemail from the contractor dated October 21, 2005, that stated \xe2\x80\x9c[Contractor 1] remains confident\nin our ability to deliver the EFDS web portal application for use by the IRS Criminal\nInvestigation Division on January 13, 2006.\xe2\x80\x9d Because the IRS believed the contractor\xe2\x80\x99s\nassurances that the System would be delivered for PY 2006, no contingency plan was developed\nand no actions were taken to go back to using the old System, similar to what was done for\nPY 2005.\nIn an effort to get Web EFDS implemented in 2006, the IRS increased oversight activities in\nAugust 2005 by beginning biweekly meetings among the CI Division, the BSD organization, and\nthe contractors. On October 31, 2005, an EFDS Readiness Executive Briefing was held with the\nProduct Assurance organization and other MITS organizations involved with implementation of\nthe Web EFDS. In late November or early December 2005, the IRS began holding daily\nexecutive meetings. In December 2005, the IRS again increased oversight activities by holding\nmore frequent technical team meetings with the contractors. In February 2006, the IRS\nestablished a \xe2\x80\x98War Room\xe2\x80\x99 and command center to monitor Web EFDS development activities\nthat continued until early April 2006, in hopes of getting the System to work.\nThe EFDS redesign activities were viewed as an enhancement to an existing System instead of as\na complex system development effort. Project documentation indicates the Web EFDS project\nfollowed the ELC-Lite system development methodology and the status of the project was\nmonitored through project team and contractor discussions, status reports, and reviews of the\nwork breakdown structure. Although numerous indications of potential risks and problems were\nraised throughout the project, effective corrective actions were not taken, as summarized below.\n\n\n\n\n10\n This amount is based on our analysis of the total costs obtained from the EFDS Project Office and the IRS\nweb-based requisition tracking system.\n                                                                                                        Page 10\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nProblems were identified during preparation for PY 2005\nDuring 2004, the EFDS Project Office and contractors were working to convert the old EFDS to\na web-based application and to redesign the System\xe2\x80\x99s databases. However, signs of development\ndifficulties began to surface by the middle of the year. Specifically:\n   \xe2\x80\xa2   On June 18, 2004, the Contracting Officer\xe2\x80\x99s Technical Representative (COTR) expressed\n       concerns to the contractor\xe2\x80\x99s development team that they had not completed a\n       walk-through of the application with the users. Therefore, the contractor was not\n       sufficiently familiar with the functionality of the current EFDS, changes were made\n       without considering user needs, and requirements were not followed.\n   \xe2\x80\xa2   In July or August 2004, the Project Manager was informed by the System Acceptability\n       Testing (SAT) team leader that the System was completely unusable when the first\n       versions of the applications were delivered for testing.\n   \xe2\x80\xa2   On October 6, 2004, the EFDS Project Manager advised the CI Director, Refund Crimes,\n       of significant problems with the Web portal application. On October 18, 2004, the SAT\n       Branch Chief advised the CI Director, Refund Crimes, that late delivery of the Web\n       portal applications to the SAT team put the testing approximately 6 weeks behind\n       schedule.\nDue to the continuing problems, IRS executives and the contractor agreed in late October 2004\nthe System modifications would not be ready by January 2005, and a decision was made by\nCI Division and MITS organization executives to use the old System for PY 2005 while work\ncontinued on the new System.\n\nProblems were identified during preparation for PY 2006\nBecause the 2004 effort failed to deliver a new System in time for PY 2005 and the old System\nwas restored, the EFDS Project Office and contractors continued to work on converting the old\nEFDS to a web-based application and redesigning the System\xe2\x80\x99s databases during 2005.\nHowever, signs of development difficulties again began to surface early in the year.\nSpecifically:\n   \xe2\x80\xa2   On April 20, 2005, an EFDS Project Office email cited data loads and other problems had\n       been identified with the System.\n   \xe2\x80\xa2   On May 10, 2005, the CI Director, Refund Crimes, requested an independent study of the\n       Web EFDS requirements to provide some assurance that the contractor would be able to\n       deliver what it agreed to. The Director advised that the study needed to be done in the\n       summer of 2005, not after the System was implemented. The BSD Director, Filing\n       Systems Division, replied that the time needed to resolve \xe2\x80\x9ca few existing glitches\xe2\x80\x9d would\n       not permit them to begin a study until mid-2006 at the earliest, and because the MITS\n       organization did not have funds for the study, the CI Division would have to fund it. The\n\n                                                                                        Page 11\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n       CI Division agreed to fund the study; however, due to staffing availability, the study was\n       not performed.\n   \xe2\x80\xa2   In August 2005, the CI Division received the training database to begin development of\n       training materials and identified numerous problems with the Web EFDS application.\n   \xe2\x80\xa2   The August 26, 2005, CI Division meeting minutes reported significant performance\n       problems with the computer network, numerous application defects, considerable\n       usability issues, incomplete implementation of requirements, and the need for a\n       contingency plan. The EFDS Project Office did not have a contingency plan.\n   \xe2\x80\xa2   On October 25, 2005, the BSD Director, Filing Systems Division, issued an EFDS\n       Readiness Review to the Deputy Director, Enterprise Operations; Director, Enterprise\n       Networks; Director, Product Assurance; and Acting Deputy Director, End User\n       Equipment and Services, outlining the problems, ramifications of not reducing the risks,\n       and mitigation plans.\n   \xe2\x80\xa2   On October 28, 2005, the Product Assurance organization informed the CI Division that a\n       significant number of problems with the data conversion had been encountered.\n   \xe2\x80\xa2   On November 2, 2005, the BSD Director, Filing Systems Division, and a BSD\n       Information Technology Specialist made a trip to the CI Division training location to\n       observe the System\xe2\x80\x99s problems.\n   \xe2\x80\xa2   On December 22, 2005, the EFDS Project Information Technology Specialist discovered\n       significant inaccuracies in three recent work breakdown structures submitted by\n       Contractor 1. The contractor reported the execution of the annual data loads to be\n       10 percent, 40 percent, and 50 percent completed in the work breakdown structures dated\n       November 28, December 15, and December 20, 2005, respectively. However, the IRS\n       was advised by the contractor\xe2\x80\x99s technical staff that the data loads had never been started.\n       We were told the IRS advised the contractor of this situation but did not pursue the\n       matter.\nThe IRS business units also conduct quarterly Business Performance Reviews to assess the status\nof programs. The CI Division\xe2\x80\x99s review for the fourth quarter of FY 2005, dated\nSeptember 30, 2005, raised the first indication of potential problems. The report stated that, due\nto the scope of the project, it was impossible to keep both the old and new Systems operational.\nThis situation could negatively affect fraud detection until System deficiencies are corrected and\nusers become accustomed to the new functionality. However, the report indicated the\nCI Division and the MITS organization had been coordinating to reduce the risks, and the\nCI Division had informed external stakeholders of potential implementation problems. The first\nquarter FY 2006 review, dated December 31, 2005, stated the System was currently delayed and\nremained in SAT, meetings between the MITS organization and CI Division had occurred twice\n\n\n                                                                                          Page 12\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\na week to discuss progress and potential risk to the program, and training for Fraud Detection\nCenter personnel had been stopped.\nThe MITS organization Business Performance Reviews did not identify the Web EFDS\nimplementation as a risk until the System missed the January 2006 implementation date. The\nfirst quarter FY 2006 Business Performance Review, dated February 16, 2006, stated the MITS\norganization failed to implement the EFDS timely for production startup on January 13, 2006.\nMitigation actions for the risk included holding Senior Executive daily conference calls, a\ntechnical team (EFDS Project Office, Enterprise Operations organization, and contractor)\nworking daily on work breakdown structure dates and other issues, stopping prisoner refunds,\nand delivering a fully functional system to the CI Division per the current work breakdown\nstructure of February 3, 2006.\n\nKey management documents were not prepared or properly maintained\nSoftware development life cycle documentation is an integral part of the information system\ndevelopment process. The life cycle methodology should specify the documentation to be\ngenerated during each phase. All project plans are considered process documentation necessary\nto communicate status and direction and allow management to verify if appropriate progress is\nbeing made during the development process. The EFDS Project Office used ELC-Lite as the\nsystem development life cycle because the Web EFDS Project was classified as a Tier C or\nSteady State project. The life cycle requirements include the preparation and maintenance of\nthree key project documents (project management plan, risk management plan, and work\nbreakdown structure/schedule). The EFDS Project Office had the three key project documents;\nhowever, two of them were not maintained properly and one was not created timely.\n   \xe2\x80\xa2   A project management plan was created on May 8, 2001, and last updated on\n       September 30, 2003.\n   \xe2\x80\xa2   A risk management plan was created June 23, 2004, and had not been updated. The plan\n       should have been updated after the contractor missed the January 2005 implementation\n       date, included the risk that the contractor would again not implement the Web EFDS\n       timely, and described the activities (e.g., increased project management and executive\n       oversight activities) needed to reduce this risk.\n   \xe2\x80\xa2   A work breakdown structure was not prepared in 2004, but one was created in 2005.\n       However, it did not include the original completion dates of the activities required to\n       implement the Web EFDS. Therefore, original baseline dates are not available to\n       determine the actual schedule slippages.\nThe ELC-Lite system development life cycle also requires milestone reviews during the\nArchitecture, Integration, and Operations and Support Phases of the life cycle. However, no\nmilestone reviews were conducted.\n\n                                                                                           Page 13\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nIf the EFDS had been properly classified as a Tier B or development project, preparation of\nadditional required documents such as a performance management plan, data management plan,\ntransition to support plan, configuration management plan, and contingency plan would have\nhelped manage the project risks. A more formalized governance structure, including an\nExecutive Steering Committee to help oversee project activities, would also have been required.\nA configuration management plan had been developed; it showed a configuration management\nboard composed of EFDS project team members had been established to control changes to the\nproject. The EFDS Project Executive advised us a new configuration control board will be\nestablished including higher level management.\nHad a contingency plan been prepared after the contractor failed to deliver a System for use in\n2005 and after the CI Division expressed concerns about the contractor\xe2\x80\x99s ability to deliver a\nSystem timely for 2006, IRS management may have been better prepared to deal with the\nproblems that occurred in 2006. Although the BSD Director, Filing Systems Division, emailed\nthe CI Director, Refund Crimes, on October 18, 2005, to confirm that the BSD organization did\nnot have a contingency plan for the EFDS, no other actions were taken. The BSD Chief,\nDocument Input Branch, stated there was no contingency plan because the BSD organization did\nnot have the funds to run both Systems at the same time. Documentation we were provided\nshows the issue was not elevated above Division-level management until October 31, 2005,\nwhen the BSD Director, Filing Systems Division, emailed the CIO and others about the Web\nEFDS status.\n\nProblems encountered during the SAT were indications of the poor quality of the\nwork performed by the contractor\nThe numbers of problem tickets reported by the SAT team and by the CI Division\xe2\x80\x99s testing\nefforts were other indications the Web EFDS would not be implemented timely. Our review of\nthe problem tickets recording application problems identified during testing showed over\n900 problems were identified and recorded. Figure 2 provides a breakdown of the recorded\nproblem tickets.\n\n\n\n\n                                                                                        Page 14\n\x0c                 The Electronic Fraud Detection System Redesign Failure Resulted\n                      in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                          Figure 2: Monthly Totals of Problem Tickets\n                      Month/Year              Problem Tickets11 As of March 15, 2006\n                  July 2005                                      10\n                  August 2005                                    26\n                  September 2005                                 13\n                  October 2005                                   21\n                  November 2005                                  76\n                  December 2005                                 192\n                  January 2006                                  534\n                  February 2006                                  66\n                  March 2006                                     33\n                         Total                                  971\n                 Source: TIGTA analysis of EFDS problem tickets.\n\nThe SAT team encountered numerous problems while testing the Web EFDS during July 2005\nthrough April 2006. The test results were reported in a test status report dated May 11, 2006.\nWe interviewed the SAT team and reviewed the test status report. Problems encountered\nincluded:\n     \xe2\x80\xa2   Documentation of the database characteristics was never delivered, so the SAT team\n         could not verify the accuracy of the tables and columns (data type and format).\n     \xe2\x80\xa2   Corrections to identified problems were not effective and at times created new problems.\n     \xe2\x80\xa2   Daily data loads failed to finish populating the databases; as a result, testing of the Web\n         portal application could not be completed until the daily loads were finished. Some of\n         the problems with the daily loads remain unresolved.\nSAT management stated they would like to have seen a better quality product delivered by the\ncontractor. The number of problems identified (over 900) and the number of software fixes\nreceived were indications of an unsatisfactory product. The lack of coordination among the\ncontractor\xe2\x80\x99s development teams was evident. For example, when one development team made a\nchange, it did not notify other development teams whose portions of the System were affected by\nthe change. As a result, the SAT team would encounter another problem with the program. This\nwould cause the SAT team to write another problem ticket, which would go back to the\ncontractor, requiring another software fix.\n\n\n\n\n11\n   On December 1, 2005, unresolved problem tickets recorded on the CI Division\xe2\x80\x99s database were transferred to the\nProduct Assurance organization\xe2\x80\x99s problem ticket database. We were unable to determine the number of problem\ntickets opened and closed by the CI Division from August to December 2005 that were not included in the Product\nAssurance organization\xe2\x80\x99s problem ticket database.\n                                                                                                         Page 15\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nCost and schedule variances were not effectively monitored\nBecause the Web EFDS was classified as a Steady State project, an initial cost estimate for the\nWeb EFDS development was not prepared. Therefore, management did not monitor for and we\ncannot determine whether there were cost overruns. However, funds continued to be added to\nthe project to pay the contractors for their system development efforts.\nBecause a baseline work breakdown structure was not established before the Web EFDS\ndevelopment began, we did not perform an analysis of the work breakdown structure. However,\nwe identified at least one significant inaccuracy in the work breakdown structure. As discussed\npreviously, on December 22, 2005, an EFDS Project Information Technology Specialist\ndiscovered significant inaccuracies in three recent work breakdown structures submitted by\nContractor 1. We were told the IRS advised the contractor of this situation but did not pursue the\nmatter to determine the impact on the schedule.\nBSD organization management stated numerous work breakdown structures were prepared in\n2005 and 2006 with deliverable due dates changed several times. However, Contractor 1 was\nnot held accountable for meeting the scheduled due dates. We were also told by IRS\nmanagement that Contractor 1 generally had an explanation for the delays and reassured the IRS\nthat it would meet the January 13, 2006, implementation date.\nAnother indication of schedule variance is the change in the implementation date. The original\nimplementation date for the Web EFDS was January 14, 2005; this was later revised to\nJanuary 13, 2006, after the contractor missed the first due date. As of April 19, 2006, the IRS\nhad stopped work on the Web EFDS.\n\nNumerous leadership, project team, and contractor staff changes led to\ninconsistent and inadequate oversight and development activities\nDuring development of the Web EFDS, there were numerous changes in project management\nand executives responsible for project oversight. For example, between 2002 and 2005, there\nwere three Associate CIOs, three Division Directors, and two Project Managers (see\nAppendix VII). Frequent changes in leadership can affect a project\xe2\x80\x99s continuity and direction\nand may indicate other problems with the project. For example, one Project Manager indicated\nthat reassignment from the project was requested due to project problems and the lack of support\nfrom upper management.\nThere was also excessive turnover of contractor employees working on the project, partially due\nto mergers of the contractor firms. The combination of the assignment of new employees who\nneed to become familiar with a project and the loss of highly skilled employees can jeopardize\ninformation technology projects and result in less than full performance. Contractor 1\xe2\x80\x99s\nbiweekly status report included a section showing numerous departures and/or staffing changes,\nas summarized in Figure 3. Positions with vacancies included testers, developers, and database\nadministrators.\n\n                                                                                          Page 16\n\x0c                 The Electronic Fraud Detection System Redesign Failure Resulted\n                      in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                Figure 3: Contractor Turnover Rate\n                                                                  Number of\n                                       Total Number of                                 Turnover\n                      Year               Employees\n                                                                Employees Who\n                                                                                         Rate\n                                                                    Left\n                      2004                     46                       33               72%\n                      2005                     42                       20               48%\n                      2006\n                                               43                       20               47%\n                   estimate12\n               Source: The BSD organization.\n\nBecause of the IRS\xe2\x80\x99 failure to effectively manage the above risks and problems, an EFDS was\nnot available for 2006, which significantly reduced the IRS\xe2\x80\x99 ability to identify and stop millions\nof dollars in fraudulent refunds. As of April 19, 2006, the IRS had stopped all work on the\nredesigned Web EFDS, and all efforts were focused on restoring the previous EFDS for use in\nJanuary 2007. The EFDS Project Executive advised us that a decision would be made in the\nfuture about whether to continue the Web EFDS development efforts and what contracting\napproach should be used. Because the Web EFDS was not implemented as scheduled in 2005\nand 2006 and there are no current plans to continue development of the Web EFDS, we estimate\nthe IRS inefficiently used resources totaling $20.5 million13 from May 25, 2001, to\nApril 24, 2006, for the contractor costs associated with development of the Web EFDS (see\nAppendix IV). An undeterminable amount of internal staffing costs were also incurred in trying\nto test the new System and monitor the primary contractor\xe2\x80\x99s activities.\nMany of the problems experienced by the Web EFDS project are similar to those we have\nreported previously related to the IRS Business Systems Modernization program. Since\nFY 2002, our annual assessments of the Business Systems Modernization program14 have\ncited four specific challenges the IRS needs to overcome to deliver a successful\nmodernization effort. Three of these challenges are related to the issues presented above,\nindicating a need for the IRS to address these same challenges on projects outside the\nBusiness Systems Modernization program. These challenges include the need for the IRS to:\n\n\n\n\n12\n   The total number of employees (43) and the number of employees (5) who left the project were determined\nthrough March 2006 (i.e., first quarter of 2006). The number of employees who left the project through March (5)\nwas multiplied by 4 to determine an annual estimate (20).\n13\n   This amount was based on our analysis of the total costs obtained from the EFDS Project Office and the IRS\nweb-based requisition tracking system.\n14\n   Annual Assessment of the Business Systems Modernization Program (Reference Number 2005-20-102, dated\nAugust 2005).\n                                                                                                         Page 17\n\x0c                    The Electronic Fraud Detection System Redesign Failure Resulted\n                         in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n       \xe2\x80\xa2   Implement planned improvements in key management processes and commit\n           necessary resources to succeed.\n       \xe2\x80\xa2   Manage the increasing complexity and risks of the modernization program.\n       \xe2\x80\xa2   Maintain continuity of strategic direction with experienced leadership.\n\nRecommendations\nRecommendation 4: The CIO should ensure project risks are identified properly and plans\nare prepared to reduce the risks affecting the successful development of the project.\n           Management\xe2\x80\x99s Response: IRS management agreed with this recommendation.\n           Risks, issues, and mitigation strategies for the EFDS are identified and documented for\n           the Taxpayer Relationship Management Executive Steering Committee and the Senior\n           Management Dashboard Review. All items will be documented in the Item Tracking\n           Reporting and Control System and discussed at the Senior Management Dashboard\n           Review and Executive Steering Committee meetings.\nRecommendation 5: The CIO should ensure the proper system development life cycle\nmethodology is implemented for the EFDS development, based on the types of changes being\nmade to the System.\n           Management\xe2\x80\x99s Response: IRS management agreed with this recommendation.\n           Work on the Web portal EFDS has stopped. The old EFDS is being updated and is\n           planned to be in production in January 2007. Meetings began the week of June 26, 2006,\n           to discuss tailoring the ELC for the old EFDS. Once the tailoring plan has been\n           completed, ELC milestone reviews will occur as scheduled. The IRS expects the\n           restoration of the old EFDS will be characterized as Steady State.\n\nContractor 1\xe2\x80\x99s Performance Was Not Effectively Monitored, and\nPerformance-Based Contracts Were Not Used\nThe Federal Acquisition Regulation (FAR)15 holds contractors responsible for timely contract\nperformance; however, the Federal Government is also responsible for monitoring contractor\nperformance, as necessary, to protect its interest. This monitoring should include comparing a\ncontractor\xe2\x80\x99s performance plans, schedules, controls, and processes against the contractor\xe2\x80\x99s actual\nperformance; determining the contractor\xe2\x80\x99s progress; and identifying any factors that may delay\nperformance. Agencies are also required to develop quality assurance surveillance plans when\nacquiring services. The IRS Office of Procurement Policy best practices state that a planned\nsurveillance effort is necessary to measure contractor performance and ensure successful\n\n15\n     48 C.F.R. ch. 1 (2005).\n                                                                                             Page 18\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\ncompletion of tasks. In addition, the FAR requires agencies to prepare evaluations of contractor\nperformance for contracts with a value exceeding $1 million. Interim evaluations should be\nprepared for contracts with a period of performance, including options, exceeding 1 year.\nAgencies are also required to describe requirements in terms of results rather than process; use\nmeasurable performance standards; provide for reductions of fees or price (e.g., for work that\nwill not be or was not done); and include performance incentives, where appropriate.\nContracting Officers are responsible for ensuring performance of all necessary actions for\neffective contracting, ensuring compliance with the terms of the contract, and safeguarding the\ninterests of the Federal Government in its contractual relationships. The FAR includes a detailed\nlist of contract administration functions required of Contracting Officers, many of which can be\ndelegated to a COTR. COTR responsibilities for managing Treasury Information Processing\nSupport Services-2 contracts include developing requirements; monitoring contractor\nperformance and schedule; developing, reviewing, inspecting, and accepting deliverables;\nreviewing invoices; informing the Contracting Officer when the contractor is behind schedule\nand coordinating corrective action to ensure the contract schedule is met; and reviewing monthly\nstatus reports. Specific responsibilities in the appointment letter of the EFDS COTR include\nmonitoring the contractor\xe2\x80\x99s performance, reviewing the vouchers, performing quarterly technical\nevaluations, and coordinating with the program office actions relating to funding and changes in\nscope of work.\nWe reviewed six work requests written against the EFDS task order and determined they\nincluded deliverables written in general terms with no specific due dates. For example, the due\ndates for the following documents were May 25, 2005, to January 13, 2006:\n   \xe2\x80\xa2   Requirements Traceability Matrix.\n   \xe2\x80\xa2   Quality Assurance Plan, with revisions.\n   \xe2\x80\xa2   Software Specification Requirement version 1.2a.\n   \xe2\x80\xa2   Test Plans for testing activities associated with 2005 and 2006.\nMost of the deliverables in subsequent work requests to cover the contractor\xe2\x80\x99s work from\nFebruary 5, 2006, to April 6, 2006, also did not have specific due dates, and the work requests\nwere not performance- or incentive-based requests. As of April 19, 2006, the contractor had not\ndelivered a fully functional EFDS.\nBecause cost-reimbursement contracts were used without performance-based requirements, the\ncontractor continues to be paid for system development work while a critical system used to stop\nfraudulent tax returns and refunds could not be used during PY 2006. The Federal Government\xe2\x80\x99s\ninterest has not been protected, and the contractor cannot be held accountable for not meeting\ndeliverable due dates.\n\n\n                                                                                         Page 19\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nWhile the contract vehicle used to obtain contractor services is very important, the effectiveness\nof the COTR in monitoring the contractor\xe2\x80\x99s performance is also crucial in assuring successful\ncontract administration. ****3(d)****\n\n\n\n\nThe contractor\xe2\x80\x99s inability to deliver the Web EFDS for PY 2006 is a major concern. However,\nthis issue is magnified by the fact that the System was originally scheduled for implementation in\nJanuary 2005. In October 2004, IRS executives became concerned about the status of the Web\nEFDS development. CI Division and MITS organization executives decided that, because the\nWeb EFDS could not be implemented in January 2005 as planned, the old EFDS would be\nimplemented. Therefore, the old EFDS had to be revised by loading data, making software\nupdates, and testing the System so it could be implemented for PY 2005. IRS management\nadvised us that, during a meeting between IRS and contractor executives, a Contractor Senior\nDirector commented the old EFDS would be updated and implemented at no cost to the Federal\nGovernment because the contractor did not deliver the Web EFDS as scheduled. However, the\ncontractor submitted charges totaling $459,718 for the additional work to get the old EFDS ready\nfor implementation, and these charges were paid by the IRS. The EFDS Project Manager\nadvised us the invoices were paid without question because all invoices for the contract type that\n\n                                                                                           Page 20\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nwas used must be paid in full. The contractor had stated only verbally it would not charge the\nIRS for updating the old EFDS for use in 2005, and the matter was not raised with the contractor.\nTherefore, these costs are considered questioned costs (see Appendix IV) because the contractor\ndid not deliver a Web EFDS that worked.\nThe IRS has established a Questionable Refund Program Executive Steering Committee to\nreview and approve changes to the Program. One of the Committee\xe2\x80\x99s action items is to analyze\nthe pros and cons of moving all or some of the EFDS work from the CI Division to other\nbusiness units, to allow the CI Division to focus its efforts on identifying refund schemes worthy\nof criminal investigation. A due date for the analysis has not been determined. If some or all of\nthe EFDS work will be performed by the other business units, the current Web EFDS may not\nmeet their needs. The change would require the EFDS Project Office to gather requirements\nfrom all the new users.\nEnsuring contractor performance and accountability is not only a concern for the Web EFDS. As\npreviously mentioned, our annual assessments of the Business Systems Modernization program\nhave cited four specific challenges the IRS needs to overcome to deliver a successful\nmodernization effort. The fourth challenge, which also applies to the EFDS, is to ensure\ncontractor performance and accountability are effectively managed. The IRS has taken actions\nto address the issue of risk and cost sharing between the IRS and contractors in the Business\nSystems Modernization program. For example, due to problems and delays during the Integrated\nFinancial System development, the IRS and the contractor established a task order cost-sharing\nagreement in which both parties will pay a percentage of the development costs based on a\ndefined period of time. However, such actions were not taken by the EFDS Project Office.\nBy using cost-reimbursement contracts without performance-based requirements, ineffectively\nmonitoring contractor performance, and not questioning contractor invoice charges for updating\nthe old EFDS, the IRS did not ensure the Federal Government\xe2\x80\x99s interests were protected and the\nWeb EFDS was implemented timely to identify and stop fraudulent tax returns and refunds.\n\nRecommendations\nRecommendation 6: The CIO should ensure contractors are accountable for performance by\ndeveloping performance-based requirements for new EFDS contracts. The CIO should also\nconsider employing cost-sharing arrangements for future task orders so both the IRS and\ncontractor share the risk of project development cost overruns.\n       Management\xe2\x80\x99s Response: IRS management agreed with this recommendation. The\n       contract for the old EFDS restoration is under negotiation, but it is anticipated that it will\n       be a cost-plus-fixed-fee contract with a percentage of the contractor\xe2\x80\x99s fees dependent\n       upon timely delivery of specified milestones. Any future contracts for completion of the\n       Web EFDS system will be performance-based contracts.\n\n\n                                                                                             Page 21\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nRecommendation 7: The CIO should ensure COTRs are trained adequately and their duties\nare performed properly to monitor contractor performance effectively through planned\nsurveillance efforts and independent inspections of contractor work, as described by IRS Office\nof Procurement Policy best practices.\n       Management\xe2\x80\x99s Response: IRS management agreed with this recommendation. All\n       current COTRs are certified, having passed the COTR Training conducted by the Office\n       of Procurement prior to being appointed. Effective in FY 2007, the appropriate project\n       office management staff will have a commitment to ensure all COTRs are trained\n       adequately and their duties are performed properly to monitor the contractors\xe2\x80\x99\n       performance effectively through the use of planned surveillance efforts and independent\n       inspections of contractor work as described by the IRS Office of Procurement Policy best\n       practices.\nRecommendation 8: The CIO and the Director, Procurement, should initiate discussions with\nthe contractor to recover the funds paid to the contractor to restore the old EFDS for use in\nPY 2005 and any additional costs resulting from nondelivery of a functional Web EFDS.\n       Management\xe2\x80\x99s Response: IRS management agreed with this recommendation. The\n       Federal Government was able to define the performance specifications only in general\n       terms and stated a specific level of effort per labor category in the task order. The IRS\n       directed the performance of the contractor through issuance of work requests. Because\n       the task order was awarded on a cost-reimbursement basis, the contractor is expected\n       only to fulfill the defined contractual requirements on a best effort basis. The contractor\n       fulfilled its contractual obligations of this task order and, therefore, there is no contractual\n       leverage available to negotiate any funds recovery on this task order. The Federal\n       Government is obligated to pay all allowable and allocable charges invoiced by the\n       contractor against this task order. In May 2006, the IRS initiated discussions with the\n       contractor regarding cost-sharing for the contract to restore the old EFDS for PY 2007.\nRecommendation 9: The CIO should defer additional work on the Web EFDS until the IRS\ndecides who will perform the EFDS work. If some or all of the work will transfer to other\nbusiness units, the CIO should ensure their requirements are identified before initiating a contract\nfor further development of the Web EFDS. The contract should be opened to competition.\n       Management\xe2\x80\x99s Response: IRS management agreed with this recommendation.\n       Work on the Web EFDS was stopped on April 19, 2006. An IRS-wide initiative for the\n       Questionable Refund Program has started, and a high-level strategy will be completed by\n       December 31, 2006. Because of this, no determination has been made concerning the\n       resumption of work on the Web EFDS. Any further development of the Web EFDS will\n       include requirements identified from this initiative, and any new development work will\n       be opened to competition under the Treasury Information Processing Support Services-3\n       contract.\n\n                                                                                              Page 22\n\x0c                   The Electronic Fraud Detection System Redesign Failure Resulted\n                        in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                                                    Appendix I\n\n            Detailed Objective, Scope, and Methodology\n\nThe overall objective of this review was to determine whether the Internal Revenue Service\n(IRS) effectively managed annual programming changes and requested modifications to the\nElectronic Fraud Detection System (EFDS) prior to Processing Year1 (PY) 2006. Specifically,\nwe:\nI.         Determined whether policies and procedures for requesting, developing, managing, and\n           implementing system modifications were effective to ensure adequate testing and timely\n           implementation.\n           A. Reviewed the Modernization and Information Technology Services (MITS)\n              organization Capital Planning and Investment Control policies, procedures, and\n              documents to determine whether the EFDS was included in the MITS organization\n              information technology investment portfolio. We also interviewed Business Systems\n              Development (BSD) organization management and reviewed Executive Steering\n              Committee briefings and meeting minutes to determine whether an Executive\n              Steering Committee had oversight responsibility for the Web EFDS, problems were\n              elevated timely to senior management, and measures were taken to reduce risks.\n           B. Obtained and reviewed policies and procedures for monitoring contractor progress\n              and performance, and obtained the Requests for Information Services and\n              contract/task order information for the EFDS changes to be implemented for\n              PY 2006, to determine whether the Project Office ensured the Web EFDS changes\n              worked as expected and timely met the users\xe2\x80\x99 needs. We also determined how\n              problems were identified, elevated, and controlled and where the problems occurred.\n              We determined why the Web EFDS was not delivered timely and the effect on\n              PY 2006. We obtained and reviewed status reports and project schedules to\n              determine when critical problems initially occurred and when they were elevated.\n              We obtained and reviewed correspondence prepared by BSD organization\n              management notifying the Contracting Officer\xe2\x80\x99s Technical Representative (COTR)\n              and users about the Web EFDS problems and the resolution status.\n           C. Obtained and reviewed policies and procedures for monitoring contractor progress\n              and performance. We interviewed the COTRs and identified their process for\n              monitoring the contractor to ensure the work was on schedule and met the contract\n              terms and user requirements; obtained and reviewed status reports and minutes of\n\n\n1\n    See Appendix VI for a Glossary of Terms.\n\n                                                                                          Page 23\n\x0c            The Electronic Fraud Detection System Redesign Failure Resulted\n                 in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n         meetings between the COTRs and contractor(s) working on the Web EFDS project;\n         identified the type of the EFDS contract/task order and determined whether payments\n         were withheld for unacceptable performance; determined the amounts budgeted and\n         actually spent for the Web EFDS changes to be implemented for PY 2006;\n         determined whether the IRS required the contractor to perform the work again, in\n         conformity with contract and specified requirements; and determined the amount of\n         additional costs.\nII.   Determined whether system development problems were identified timely and risk\n      mitigation procedures were implemented to minimize the impact to the Questionable\n      Refund Program.\n      A. Obtained and reviewed system development policies and procedures for problem\n         identification and resolution.\n      B. Interviewed BSD organization and Criminal Investigation Division management and\n         staff responsible for the Web EFDS to determine the status of the Web EFDS;\n         whether the System was ever placed into production and operational during PY 2006;\n         how the problems were identified, tracked, and shared with customers and\n         contractor(s); when the problems occurred, the cause, and the resolution status;\n         whether the problems were associated with annual programming changes and/or\n         System redesign work completed prior to PY 2006; whether meetings/briefings were\n         held to discuss the effect from the problems and resolution status; and what\n         contingency plans were developed and whether they were implemented.\n      C. Obtained and reviewed reports used by management to monitor the status of the\n         problems. We obtained and analyzed a download of the Web EFDS problems\n         reported in the IRS problem ticket database to determine the problem ticket category,\n         date the ticket was opened, number of days open, and number of tickets opened in\n         each priority code and ticket category.\n      D. Obtained and reviewed the minutes from meetings/briefings held to discuss the\n         problems associated with the Web EFDS and determined who the attendees were, the\n         frequency of the meetings/briefings, and whether the effects from the application\n         problems and associated resolution status were discussed.\n      E. Obtained and reviewed correspondence and emails prepared by the BSD organization\n         to elevate the problems to executive management.\n\n\n\n\n                                                                                       Page 24\n\x0c             The Electronic Fraud Detection System Redesign Failure Resulted\n                  in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nIII.   Determined whether measures were being taken to correct the Web EFDS problems\n       timely.\n       A. Interviewed IRS personnel, attended conference call status briefings, and received\n          voice mail status briefings to determine the actions taken or recommended to\n          implement as quickly as possible a Web EFDS that met the requirements.\n       B. Obtained and reviewed minutes of meetings/discussions or other documentation\n          between contractors and BSD organization management regarding the status of Web\n          EFDS problems and required action items/resolutions to determine whether decisions\n          relating to Step III.A. were documented.\nIV.    Determined the validity and reliability of data from computer-based systems. We used\n       computer-based data to determine the amounts spent and planned to be spent on the Web\n       EFDS. We reviewed documentation supporting the project costs and the information\n       technology investment portfolio and Business Case to assess the completeness and\n       accuracy of the data. We determined the data were reliable as it related to our audit\n       objectives.\n\n\n\n\n                                                                                        Page 25\n\x0c             The Electronic Fraud Detection System Redesign Failure Resulted\n                  in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                                              Appendix II\n\n                 Major Contributors to This Report\n\nMargaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs)\nGary Hinkle, Director\nDanny Verneuille, Audit Manager\nTina Wong, Lead Auditor\nMark Carder, Senior Auditor\nPaul Mitchell, Senior Auditor\nPhung-Son Nguyen, Senior Auditor\nVan Warmke, Senior Auditor\nOlivia DeBerry, Auditor\nCharlene Elliston, Auditor\nPerrin Gleaton, Auditor\nKim McManis, Auditor\nLinda Screws, Auditor\n\n\n\n\n                                                                                     Page 26\n\x0c             The Electronic Fraud Detection System Redesign Failure Resulted\n                  in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                                          Appendix III\n\n                        Report Distribution List\n\nCommissioner C\nOffice of the Commissioner \xe2\x80\x93 Attn: Chief of Staff C\nDeputy Commissioner for Operations Support OS\nDeputy Commissioner for Services and Enforcement SE\nChief, Agency-Wide Shared Services OS:A\nChief, Criminal Investigation SE:CI\nDeputy Chief, Criminal Investigation SE:CI\nDirector, Procurement OS:A:P\nAssociate Chief Information Officer, Applications Development OS:CIO:AD\nDirector, Capital Planning and Investment Control OS:CIO:R\nDirector, Refund Crimes SE:CI:RC\nDirector, Stakeholder Management Division OS:CIO:SM\nAudit Liaisons:\n       Deputy Commissioner for Operations Support OS\n       Deputy Commissioner for Services and Enforcement SE\n       Chief, Agency-Wide Shared Services OS:A\n       Director, Procurement OS:A:P\n       Manager, Program Oversight Office OS:CIO:SM:PO\n\n\n\n\n                                                                                Page 27\n\x0c                    The Electronic Fraud Detection System Redesign Failure Resulted\n                         in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                                                               Appendix IV\n\n                                      Outcome Measures\n\n This appendix presents detailed information on the measurable impact that our recommended\n corrective actions will have on tax administration. These benefits will be incorporated into our\n Semiannual Report to Congress.\n\n Type and Value of Outcome Measure:\n       \xe2\x80\xa2     Revenue Protection \xe2\x80\x93 Potential; $318.3 million (see page 4).\n\n Methodology Used to Measure the Reported Benefit:\n The Electronic Fraud Detection System (EFDS) was not operational during Processing\n Year1 (PY) 2006. Therefore, Internal Revenue Service (IRS) management does not know how\n many fraudulent tax returns and refunds have not been and will not be stopped during PY 2006.\n Figure 1 shows the amount of fraudulent refunds stopped has generally increased over the last\n 4 years.\n         Figure 1: Fraudulent Refund Returns and Refunds Identified and Stopped\n Processing        Total         Refund         Returns       False       False    False Refunds    False Refunds\n   Year           Returns        Returns        Screened     Refund      Refund      Identified       Stopped2\n                   Filed          Filed         by Fraud     Returns     Returns\n                                                Detection   Identified   Stopped\n                                                 Centers\n      2002       130,341,159   104,367,859      1,942,089    81,486      41,358     $450,023,509     $333,541,138\n      2003       130,134,276   104,904,543      740,216      96,953      73,400     $349,515,144     $266,423,786\n      2004       130,459,600   106,420,200      463,222      118,075     82,099    $2,241,612,551   $2,110,454,658\n      2005       133,933,000   100,276,000      511,805      132,945     103,537    $515,548,186     $412,184,202\nSource: The Criminal Investigation Division.\n\n\n\n\n 1\n     See Appendix VI for a Glossary of Terms.\n 2\n     ****1****\n                                                                                                         Page 28\n\x0c                 The Electronic Fraud Detection System Redesign Failure Resulted\n                      in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nDuring PY 2005, $412.2 million in fraudulent refunds were stopped. The IRS reported that, due\nto other leads,3 $93.9 million4 in fraudulent refunds had been stopped as of May 19, 2006,\nwithout the EFDS being operational. Therefore, based on the value of fraudulent refunds\nstopped by the EFDS in PYs 2005 and 2006 (through May 19), we estimate approximately\n$318.3 million in fraudulent refunds may have been issued in 2006, resulting in lost revenue to\nthe Federal Government.\n\nType and Value of Outcome Measure:\n    \xe2\x80\xa2    Inefficient Use of Resources \xe2\x80\x93 Potential; $20.5 million (see page 9).\n\nMethodology Used to Measure the Reported Benefit:\nBecause the Web EFDS was not implemented as scheduled in 2005 and 2006, and there are no\ncurrent plans to continue development of the Web EFDS, we estimate the IRS inefficiently used\nresources totaling $20.5 million from May 25, 2001, to April 24, 2006, for the contractor costs\nassociated with the development of the Web EFDS. The EFDS Project Executive provided a\nspreadsheet with the payments made to Contractor 1 for system maintenance and Web EFDS\ndevelopment. We determined $18.5 million should be considered the development costs charged\nby Contractor 1.5 Contractors 2 and 3 were paid approximately $2 million between\nFebruary 6, 2004, and April 24, 2006, for Web EFDS development costs. Thus, the costs for\nWeb EFDS development totaled $20.5 million.\n\nType and Value of Outcome Measure:\n    \xe2\x80\xa2    Questioned Costs \xe2\x80\x93 Actual; $459,718 (see page 18).\n\nMethodology Used to Measure the Reported Benefit:\nIn October 2004, IRS executives became concerned about the status of the Web EFDS\ndevelopment. They determined the Web EFDS could not be implemented in January 2005 as\nplanned and decided the old EFDS would be implemented. Therefore, the old EFDS needed to\nreceive software updates, complete testing, etc. to be implemented for PY 2005. IRS\nmanagement advised us that, during a meeting between IRS and contractor executives, a\nContractor Senior Director commented the old EFDS would be updated and implemented at no\ncost to the Federal Government because the contractor did not deliver the Web EFDS as\n\n\n3\n  The EFDS is the primary source for the identification of leads on fraudulently filed tax returns; however, leads are\nalso received from sources internal to and external from the IRS.\n4\n  This amount was derived from a manual process provided by the Fraud Detection Centers on a weekly report; it\nhas not been verified and could contain inconsistencies/inaccuracies due to the manual process.\n5\n  The $18.5 million and $20.5 million are based on our analysis of the total costs obtained from the EFDS Project\nOffice and the IRS web-based requisition tracking system.\n                                                                                                             Page 29\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nscheduled. However, the contractor submitted invoice charges totaling $459,718 for the\nadditional work to get the old EFDS ready for implementation and these charges were paid by\nthe IRS. The EFDS Project Manager advised us the invoices were paid without question because\nall invoices for the contract type that was used must be paid in full. The contractor had stated\nonly verbally it would not charge the IRS for updating the old EFDS for use in 2005, and the\nmatter was not raised with the contractor.\n\n\n\n\n                                                                                        Page 30\n\x0c                   The Electronic Fraud Detection System Redesign Failure Resulted\n                        in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                                                                  Appendix V\n\nChronology of the Electronic Fraud Detection System\n               Development Events -\n      January 1, 1995, Through April 19, 2006\n\n            1995\n           1995            The Electronic Fraud Detection System (EFDS) was prototyped at the Cincinnati Service\n                           Center1 in 1994 and implemented in the five electronic filing service centers in 1995. Prior to\n                           implementation of the EFDS, the Questionable Refund Program Computer Identification\n                           Program began analyzing paper tax returns in 1977 and electronically filed tax returns in 1990.\n           1996\n           1996            Contractor 1 began work on the EFDS under the Treasury Information Processing Support\n                           Services contract. The EFDS was implemented at all 10 Fraud Detection Centers.\n           2001\n       June 20, 2001       The Internal Revenue Service (IRS) approved a task order for Contractor 1 for the period\n                           June 2000 through May 2006 authorizing approximately $39.5 million for software\n                           maintenance and development. As of April 2006, the IRS had spent over $37 million.\n           2002\n      January 31, 2002     A new Director, Business Systems Development (BSD), was appointed.\n\n       June 12, 2002       The Contractor 1 reengineering study, which dealt mostly with redesign of the database, stated\n                           the EFDS database required a major reengineering effort to meet the needs of the Criminal\n                           Investigation (CI) Division to identify quickly and stop tax refund fraud.\n       June 14, 2002       The EFDS Executive Steering Committee (ESC) was established in the Modernization and\n                           Information Technology Services (MITS) organization.\n           2003\n     February 14, 2003     The Reengineering 2003 Technical Approach and Plan showed Web EFDS applications were\n                           to be implemented in January 2005.\n       July 14, 2003       Last known meeting of the EFDS ESC. This meeting included the first ESC discussion of the\n                           Web portal and database redesign projects. Project monitoring responsibility was transferred\n                           to the EFDS Project Office in the BSD organization because the planning and scheduling\n                           phase was completed (it lasted 13 months) and the performance problems were resolved.\n\n\n\n\n1\n    See Appendix VI for a Glossary of Terms.\n                                                                                                            Page 31\n\x0c                The Electronic Fraud Detection System Redesign Failure Resulted\n                     in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n      2004\n\n    June 2004        The MITS organization appointed a new BSD Director, Filing Systems Division, who is\n                     responsible for the EFDS.\n  June 18, 2004      The EFDS Contracting Officer\xe2\x80\x99s Technical Representative (COTR) expressed concerns to the\n                     contractor\xe2\x80\x99s development team that they had not completed a walk-through of the application\n                     with the users. Therefore, the contractor was not sufficiently familiar with the functionality of\n                     the current EFDS, screen changes were made without considering user needs, and the\n                     requirements document was not followed.\nJuly \xe2\x80\x93 August 2004   The EFDS software was delivered to the Product Assurance organization for System\n                     Acceptability Testing. Problems were identified, and the System was deemed unusable.\nSeptember 9, 2004    The IRS EFDS Project Manager sent an email to the CI Division advising there is no\n                     contingency plan to keep the old programs functional or to use them for Processing\n                     Year (PY) 2005 production.\n  October 2004       The IRS EFDS Project Manager left the EFDS project sometime between August 2004 and\n                     October 2004. IRS executives and Contractor 1 agreed the System modifications would not be\n                     ready by January 2005. A decision was made to use the old EFDS for PY 2005 while work\n                     continued on the new System.\nOctober 18, 2004     The Product Assurance organization advised the CI Division the EFDS Web portal\n                     applications were not delivered for System Acceptability Testing on October 9, 2004, as\n                     planned.\nOctober 31, 2004     A new Project Manager was appointed for the EFDS.\n\nNovember 2, 2004     The CI Director, Refund Crimes, advised the Chief, CI, that, per a meeting between the BSD\n                     Director, Filing Systems Division, and the Associate Chief Information Officer (CIO),\n                     Information Technology Services, on November 01, 2004, the IRS would be going back to the\n                     2004 EFDS for PY 2005.\n  ****3(d)****       ****3(d)****\n\n      2005\nFebruary 17, 2005    The CI Director, Refund Crimes, signed the Web Portal Requirements Package.\n\n March 11, 2005      The Web Portal Work Breakdown Structure was signed. This provided for a commitment\n                     from Contractor 1 senior management to the dates noted in the work breakdown structure.\n  April 20, 2005     An EFDS Project Office email cited data loads and other problems (first indication of Web\n                     EFDS problems in 2005).\n    July 2005        The Product Assurance organization began System Acceptability Tests and identified System\n                     problems.\n\n\n\n\n                                                                                                        Page 32\n\x0c             The Electronic Fraud Detection System Redesign Failure Resulted\n                  in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n   August 2005       The training database was delivered to the CI Division, which began developing training\n                     materials and surfacing problems. Biweekly meetings among the CI Division, the BSD\n                     organization, and contractor executives began.\nSeptember 28, 2005   CI Division executives and staff expressed to BSD organization management (BSD Filing\n                     Systems Division Director, BSD Document Input Branch Chief, EFDS Project Office) their\n                     doubts that the Web EFDS would be implemented in January 2006.\n October 18, 2005    The CI Director, Refund Crimes, submitted a briefing paper to the Chief, CI, advising there is\n                     no contingency plan for the EFDS.\n October 21, 2005    In an email, Contractor 1 assured the IRS it was confident that the Web EFDS would be\n                     delivered on January 13, 2006.\n October 28, 2005    The Chief, CI, emailed the Deputy CIO advising that their staffs had come to a collective\n                     understanding of the Web EFDS risks and planned to discuss any unresolved issues or pending\n                     risks the following week.\n October 31, 2005    The BSD Director, Filing Systems Division, emailed an update on the Web EFDS performance\n                     and data conversion problems to the CIO, other MITS organization executives, CI Division\n                     executives, and BSD organization management and staff. (This is the first time we can\n                     substantiate the CIO was notified of problems.) Contractor 1 maintained the System would be\n                     ready on January 13, 2006, as scheduled. The first EFDS Readiness Executive Briefing was\n                     held.\n Late October or     The Deputy Commissioner for Operations Support and the Deputy Commissioner for Services\n November 2005       and Enforcement advised us they became aware of the Web EFDS issues in late October or\n                     November 2005.\nNovember 2, 2005     The BSD Director, Filing Systems Division, visited the CI Division\xe2\x80\x99s training location to\n                     observe the problems with the training database.\nNovember 4, 2005     The CIO advised us the first indication of potential Web EFDS issues was raised during the CI\n                     Division\xe2\x80\x99s Business Performance Review meeting for the fourth quarter of Fiscal Year 2005.\nNovember 7, 2005     The CIO advised us the MITS organization Business Performance Review meeting for the\n                     fourth quarter of Fiscal Year 2005 included a presentation on Web EFDS that indicated there\n                     were issues with the System, but it would be delivered on schedule.\n November 2005       The Associate CIO, BSD, and others decided they could not go back to the old EFDS. They\n                     thought they could run the new System, even though it had known flaws.\nNovember 29, 2005    A meeting was held with the following IRS executives to discuss progress made to prepare the\n                     CI Division for PY 2006 as it related to the Web EFDS: Deputy CIO; Associate CIO, BSD;\n                     Deputy Associate CIO, BSD; Deputy Director, Submission Processing; Director, Filing\n                     Systems Division; CI Director, Refund Crimes; and CI Deputy Director, Technology\n                     Operations and Investigative Services.\n\n\n\n\n                                                                                                      Page 33\n\x0c             The Electronic Fraud Detection System Redesign Failure Resulted\n                  in Fraudulent Returns and Refunds Not Being Identified\n\n\n\nLate November or    Senior executive briefings began daily on the status of the Web EFDS. Participants in these\n December 2005      briefings were generally the Associate CIO, BSD; Deputy Associate CIO, BSD; Director and\n                    Assistant Director, Filing Systems Division; and representatives from the contractor, Project\n                    Office, and Enterprise Operations organization.\n                    The Commissioner advised us he became aware of the Web EFDS problems in late November\n                    or December 2005.\n December 2005      An acting EFDS Project Manager was appointed.\n\nDecember 2, 2005    The old EFDS was shut down.\n\nDecember 22, 2005   The EFDS Project Office determined data loads had not started although the\n                    December 20, 2005, work breakdown structure prepared by Contractor 1 indicated the work\n                    was 50 percent complete.\nDecember 31, 2005   The CI Division Business Performance Review for the first quarter of Fiscal Year 2006 stated\n                    the Web EFDS was currently delayed and remained in testing, meetings between the MITS\n                    organization and CI Division had occurred to discuss progress and potential risk to the\n                    Program, and training for Fraud Detection Center personnel had been stopped.\n      2006\n\n  January 2006      IRS executives realized the project would not be delivered on time.\n\n January 4, 2006    The Web EFDS project schedule slipped 2 weeks since prior day\xe2\x80\x99s work breakdown structure.\n                    The problems at this time were related to data volume/data conversion/daily loads; they were\n                    not application-related problems.\n January 13, 2006   Planned delivery date for the Web EFDS.\n\n January 25, 2006   After missing the January 13, 2006, implementation date, Contractor 1 management stated a\n                    fully functioning System would be delivered by February 1, 2006.\n January 30, 2006   The BSD organization informed the CIO that a System would not be delivered by\n                    February 1, 2006.\nFebruary 13, 2006   The IRS initiated a \xe2\x80\x98War Room\xe2\x80\x99 to coordinate communications among the Enterprise\n                    Operations and BSD organizations and the CI Division.\nFebruary 15, 2006   The Compliance Domain Director, Applications Development, took over the Web EFDS\n                    project.\nFebruary 16, 2006   The MITS organization Business Performance Review for the first quarter of Fiscal\n                    Year 2006 stated it failed to timely implement the Web EFDS for production startup on\n                    January 13, 2006.\n\n\n\n\n                                                                                                     Page 34\n\x0c                The Electronic Fraud Detection System Redesign Failure Resulted\n                     in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n  February 21, 2006     The IRS Deputy Commissioner for Services and Enforcement advised the Treasury Inspector\n                        General for Tax Administration that the EFDS would not be available during PY 2006. The\n                        IRS does not plan to conduct a recovery program to identify potentially fraudulent refunds\n                        already issued.\n     March 2006         The old EFDS became available for nationwide research purposes only.\n\n    April 10, 2006      War Room and testing efforts for the new System were stopped.\n\n    April 17, 2006      A new acting EFDS Project Manager was appointed. Due to the risks, MITS organization\n                        executives (e.g., the EFDS Project Executive), with IRS Commissioner concurrence, decided\n                        to work only on restoring the old EFDS for use in PY 2007.\n    April 19, 2006      All system development activities for the new EFDS (i.e., Web portal application and database\n                        redesign efforts) were stopped; the contractor began finalizing a plan for revising the old EFDS\n                        for use in PYs 2006 and 2007.\nSource: Our interviews and documents acquired during fieldwork.\n\n\n\n\n                                                                                                         Page 35\n\x0c                The Electronic Fraud Detection System Redesign Failure Resulted\n                     in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                                              Appendix VI\n\n                                  Glossary of Terms\n\nAs-built Architecture                         Documents Internal Revenue Service (IRS)\n                                              current production information technology\n                                              systems.\nBusiness Case                                 Required by Office of Management and Budget\n                                              Circular A-11 (Preparation, Execution, and\n                                              Submission of the Budget; dated June 2005) and\n                                              commonly called Exhibit 300, Capital Asset\n                                              Plan and Business Case. Each agency must\n                                              submit a Business Case twice a year for each\n                                              major information technology investment.\nCincinnati Service Center (currently known as Data processing arm of the IRS. The campuses\nthe Cincinnati Campus), located in            process paper and electronic submissions,\nCovington, Kentucky                           correct errors, and forward data to the\n                                              Computing Centers for analysis and posting to\n                                              taxpayer accounts.\nClient Server                                 A network architecture in which clients are\n                                              personal computers or workstations on which\n                                              users run applications. Clients rely on servers\n                                              for resources such as files, devices, and even\n                                              processing power.\nComputing Centers                             Support tax processing and information\n                                              management through a data processing and\n                                              telecommunications infrastructure.\nContracting Officer\xe2\x80\x99s Technical               Furnishes technical direction, monitors contract\nRepresentative                                performance, and maintains an arm\xe2\x80\x99s-length\n                                              relationship with the contractor.\n\n\n\n\n                                                                                       Page 36\n\x0c              The Electronic Fraud Detection System Redesign Failure Resulted\n                   in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nCost-Plus-Fixed-Fee Contract              A cost-reimbursement contract that provides for\n                                          payment to the contractor of a negotiated fee\n                                          that is fixed at the inception of the contract.\n                                          This contract type permits contracting for\n                                          efforts that might otherwise present too great a\n                                          risk to contractors, but it provides the contractor\n                                          only a minimum incentive to control costs.\nCost-Reimbursement Contract               Provides for payment of allowable incurred\n                                          costs, to the extent prescribed in the contract.\nData Loads                                Process of placing data into a system or\n                                          database.\nData-Mining Technique                     Process of automatically searching large\n                                          volumes of data for patterns.\nDevelopment/Modernization/Enhancement     Any new information technology investment\n                                          being proposed, developed, or acquired.\nEnterprise Life Cycle-Lite (ELC-Lite)     Required system development methodology for\n                                          all nonmodernization projects.\nELC-Lite \xe2\x80\x93 Architecture Phase             Establishes the concept/vision, requirements,\n                                          high-level design, project management\n                                          processes, and plans for a particular business\n                                          area or target system. It also defines the\n                                          releases for the business area or system.\nELC-Lite \xe2\x80\x93 Integration Phase              Includes the integration, testing, piloting, and\n                                          acceptance of a system release.\nELC-Lite \xe2\x80\x93 Operations and Support Phase   Addresses the ongoing support of the system\n                                          and maintenance of the applications. It begins\n                                          after the business process and system(s) have\n                                          been installed and have begun performing\n                                          business functions. It encompasses all of the\n                                          operations and support processes necessary to\n                                          deliver the services associated with managing\n                                          all or part of a computing environment.\n\n\n\n\n                                                                                     Page 37\n\x0c             The Electronic Fraud Detection System Redesign Failure Resulted\n                  in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nExecutive Steering Committee                  Oversees investments, including validating\n                                              major investment business requirements and\n                                              ensuring that enabling technologies are defined,\n                                              developed, and implemented.\nFraud Detection Centers                       Ten Criminal Investigation Division Centers\n                                              whose mission is to identify and detect refund\n                                              fraud, prevent the issuance of false refunds, and\n                                              provide support for the Criminal Investigation\n                                              Division field offices.\nInformation Technology Investment Portfolio   Required by Office of Management and Budget\n                                              Circular A-11 and commonly referred to as an\n                                              Exhibit 53. This portfolio must be submitted\n                                              with each agency\xe2\x80\x99s annual budget submission\n                                              and contain the information technology\n                                              investment title, description, amount, and\n                                              funding source.\nIntegrated Financial System                   An administrative accounting system used by\n                                              the IRS.\nItem Tracking Reporting and Control           An information system used by the Business\n                                              Systems Modernization Office to track and\n                                              report on issues, risks, and action items in the\n                                              modernization effort.\nMilestone Review                              A formal review process conducted to\n                                              determine whether key activities within a\n                                              project\xe2\x80\x99s life cycle have been completed prior to\n                                              proceeding from milestone to milestone.\nModernization and Information Technology      Highest level recommending and\nServices (MITS) Enterprise Governance         decision-making body to oversee and enhance\nCommittee                                     enterprise management of information systems\n                                              and technology. It ensures strategic\n                                              modernization and information technology\n                                              program investments, goals, and activities are\n                                              aligned with and support 1) the business needs\n                                              across the enterprise and 2) the modernized\n                                              vision of the IRS.\n\n\n\n\n                                                                                        Page 38\n\x0c             The Electronic Fraud Detection System Redesign Failure Resulted\n                  in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nMITS Enterprise Governance Committee   Supports the MITS Enterprise Governance\nInvestment Management Subcommittee     Committee in the realization of the IRS Capital\n                                       Planning and Investment Control process and\n                                       with the management of the IRS information\n                                       technology investment portfolio. This\n                                       Subcommittee provides general information\n                                       technology investment portfolio oversight,\n                                       including operational analysis reviews and\n                                       reports, investment prioritization\n                                       recommendations, and recommendations for\n                                       adjustments to the IRS portfolio.\nPerformance-Based Contract             Provides for acquiring services on the basis of\n                                       required results rather than the methods of\n                                       performing the work and uses measurable\n                                       performance standards (e.g., in terms of quality,\n                                       timeliness, quantity).\nProcessing Year                        The year in which tax returns and other tax data\n                                       are processed.\nProduct Assurance                      A MITS organization function that\n                                       independently assesses the quality of the\n                                       applications software by conducting System\n                                       Acceptability Testing with controlled data to aid\n                                       the customer in determining the system\xe2\x80\x99s\n                                       production readiness.\nQuality Assurance Surveillance Plan    Ensures services provided by the contractor\n                                       meet contract requirements. It should specify\n                                       the work requiring surveillance and the method\n                                       of surveillance.\nQuestionable Refund Program Computer   An application running on the mainframe\nIdentification Program                 computer. The Program was originally\n                                       developed by the IRS Inspection Service and\n                                       run by the Internal Audit function (now the\n                                       Treasury Inspector General for Tax\n                                       Administration Office of Audit).\n\n\n\n\n                                                                                Page 39\n\x0c               The Electronic Fraud Detection System Redesign Failure Resulted\n                    in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nQuestioned Cost                             A cost that (1) violated a provision of a law,\n                                            regulation, contract, or other requirement\n                                            governing the expenditure of funds; (2) was not\n                                            supported by adequate documentation; or\n                                            (3) was unnecessary or unreasonable.\nRequest for Information Services            A formal memorandum requesting MITS\n                                            organization support for changes to current or\n                                            planned programming, hardware, system\n                                            testing, etc.\nSecurity Certification and Accreditation    A security certification is an independent\n                                            technical evaluation, for the purpose of\n                                            accreditation, that uses security requirements as\n                                            the criteria for the evaluation. An accreditation\n                                            is an authorization granted by a management\n                                            official to operate the system based on the\n                                            evaluation of the security controls.\nSenior Management Dashboard Review          A review attended by senior executives,\n                                            contractors, program directors, and project\n                                            managers to ensure program directors and\n                                            project managers are held accountable for the\n                                            project status (e.g., risk, cost, schedule).\n                                            Emphasis is placed on only problem areas or\n                                            notable status changes.\nSteady State                                Any information technology investment that is\n                                            fully operational.\nSystem Acceptability Testing                Process of testing a system or program to ensure\n                                            it meets the original objectives outlined by the\n                                            user in the requirement analysis document.\nTask Order                                  An order for services placed against an\n                                            established contract or with Federal\n                                            Government sources.\nTier A - Technical Modernization Projects   Resources devoted to projects managed by the\n                                            IRS Business Systems Modernization Office.\n                                            Project scale is large, with a 2-year to 3-year\n                                            time period.\n\n\n\n                                                                                      Page 40\n\x0c             The Electronic Fraud Detection System Redesign Failure Resulted\n                  in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nTier B - Improvement Projects             Resources devoted to new improvements of\n                                          medium size (1-year to 2-year time period) and\n                                          funded from the improvement programs budget.\nTier C - Enhancements/Stay-In-Business    Resources devoted to all other types of projects\nProjects                                  (e.g., sustaining operations, legislative changes,\n                                          and small enhancements to sustaining\n                                          operations) funded from the regular sustaining\n                                          operations budget.\nTime-and-Materials Contract               Provides for acquiring supplies or services on\n                                          the basis of direct labor hours at specified fixed\n                                          hourly rates that include wages, overhead,\n                                          general and administrative expenses, profit, and\n                                          materials at cost.\nTreasury Information Processing Support   Contracts, awarded in 2000, that provide a\nServices-2                                broad range of information technology-related\n                                          services.\nWar Room                                  Set up at the Enterprise Computing Center in\n                                          Memphis, Tennessee, to serve as a centralized\n                                          repository for all incoming and outgoing\n                                          information regarding the Web Electronic Fraud\n                                          Detection System (Web EFDS). The War\n                                          Room was staffed primarily by technical staff\n                                          so information could be disseminated as it\n                                          became available, questions could be answered\n                                          immediately, and necessary assistance could be\n                                          provided. The War Room sent daily voice mail\n                                          messages two to three times per day regarding\n                                          the Web EFDS status.\nWeb EFDS                                  EFDS development effort allowing users to\n                                          access the system via the IRS Intranet.\nWeb Portal                                An Internet site or service that functions as a\n                                          major starting site for users to connect to a\n                                          broad array of resources and services, such as\n                                          email, forums, research tools, online shopping\n                                          malls, etc.\n\n\n\n\n                                                                                    Page 41\n\x0c               The Electronic Fraud Detection System Redesign Failure Resulted\n                    in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\nWork Breakdown Structure                 Project schedule used to manage the tasks, task\n                                         relationships, and resources needed to meet\n                                         project goals.\nWork Request                             Contains the specific details of the work to be\n                                         performed in a task order including the skill\n                                         categories, estimated number of hours, required\n                                         work products, and acceptance criteria.\n\n\n\n\n                                                                                 Page 42\n\x0c                 The Electronic Fraud Detection System Redesign Failure Resulted\n                      in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                                                                Appendix VII\n\n                    Electronic Fraud Detection System\n                          Management Turnover\n\n        Table 1: Management Responsible for the Electronic Fraud Detection\n           System (EFDS) Prior to the August 8, 2005, Modernization and\n               Information Technology Services (MITS) Reorganization\n                     Title                    Employee\xe2\x80\x99s Name                           Date\n\n                                           ****3(a), 3(d)****           ****3(a), 3(d)****\n\n       Chief Information Officer           ****3(a), 3(d)****           ****3(a), 3(d)****\n       (CIO)1                              ****3(a), 3(d)****           ****3(a), 3(d)****\n                                           ****3(a), 3(d)****           ****3(a), 3(d)****\n\n       Associate CIO, Information          ****3(a), 3(d)****           ****3(a), 3(d)****\n       Technology Services2                ****3(a), 3(d)****           ****3(a), 3(d)****\n       Director, Business Systems\n                                           ****3(a), 3(d)****           ****3(a), 3(d)****\n       Development (BSD)3\n                                           ****3(a), 3(d)****           ****3(a), 3(d)****\n       Deputy Director, BSD4\n                                           ****3(a), 3(d)****           ****3(a), 3(d)****\n\n       Director, Submission\n                                           ****3(a), 3(d)****           ****3(a), 3(d)****\n       Processing Division5\n\n       Director, Filing Systems            ****3(a), 3(d)****           ****3(a), 3(d)****\n       Division                            ****3(a), 3(d)****           ****3(a), 3(d)****\n\n\n\n\n1\n  Names of the Acting CIOs during the gaps in the time period are not listed.\n2\n  This position was abolished ****3(d)****.\n3\n  Position title changed to Associate CIO, BSD, as a result of the MITS organization\xe2\x80\x99s reorganization, effective\nAugust 8, 2005 (see Table 2).\n4\n  Position title changed from Deputy Director, BSD, to Deputy Associate CIO, Applications Development, as a\nresult of the MITS organization\xe2\x80\x99s reorganization (see Table 2).\n5\n  The Division responsible for EFDS development prior to the creation of the BSD organization.\n                                                                                                            Page 43\n\x0c          The Electronic Fraud Detection System Redesign Failure Resulted\n               in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n              Title                   Employee\xe2\x80\x99s Name                      Date\n\n Acting Director, Filing Systems\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\n Division\n\n Document Perfection Branch\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\n Chief, Filing Systems Division\n\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\n\n EFDS Project Managers/Acting      Acting Project Managers   2000 \xe2\x80\x93 October 2000\n Project Managers                  ****3(a), 3(d)****        ****3(a), 3(d)****\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\nSource: Our analysis of MITS organization documents.\n\n          Table 2: Management Responsible for the EFDS After the\n                    August 8, 2005 MITS Reorganization\n              Title                   Employee's Name                      Date\n\n CIO                               ****3(a), 3(d)****        ****3(a), 3(d)****\n Deputy CIO                        ****3(a), 3(d)****        ****3(a), 3(d)****\n\n Associate CIO, BSD                ****3(a), 3(d)****        ****3(a), 3(d)****\n\n Associate CIO, Applications\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\n Development\n Deputy Associate CIO,\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\n Applications Development\n Director, Filing Systems\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\n Division\n\n Document Perfection Branch\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\n Chief, Filing Systems Division\n\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\n EFDS Project Managers/Acting\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\n Project Managers\n                                   ****3(a), 3(d)****        ****3(a), 3(d)****\nSource: Our analysis of MITS organization documents.\n\n\n\n\n                                                                                   Page 44\n\x0c   The Electronic Fraud Detection System Redesign Failure Resulted\n        in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                    Appendix VIII\n\nManagement\xe2\x80\x99s Response to the Draft Report\n\n\n\n\n                                                            Page 45\n\x0cThe Electronic Fraud Detection System Redesign Failure Resulted\n     in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                         Page 46\n\x0cThe Electronic Fraud Detection System Redesign Failure Resulted\n     in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                         Page 47\n\x0cThe Electronic Fraud Detection System Redesign Failure Resulted\n     in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                         Page 48\n\x0cThe Electronic Fraud Detection System Redesign Failure Resulted\n     in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                         Page 49\n\x0cThe Electronic Fraud Detection System Redesign Failure Resulted\n     in Fraudulent Returns and Refunds Not Being Identified\n\n\n\n\n                                                         Page 50\n\x0c"